Skip to content

cqHack/Wordpress-XMLRPC-Brute-Force-Exploit

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
README.md
README.md
 
 
passwords.txt
passwords.txt
 
 
wordpress-xmlrpc-brute-v1.py
wordpress-xmlrpc-brute-v1.py
 
 
wordpress-xmlrpc-brute-v2.py
wordpress-xmlrpc-brute-v2.py
 
 

Repository files navigation

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 Last Updated: 20170215 https://crowdshield.com

ABOUT: This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.

USAGE: ./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 [username2] [username3]...

About

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

crowdshield.com

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%