-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No Valid Passwords Found #1755
Comments
Such attack was patched in WP 4.4, so using xmlrpc-multicall will only work for blogs using WP below 4.4. That's why when not setting the |
Now that you say this... I remember vaguely that I saw that it was patched a while ago. |
You're welcome, I've updated the |
When I perform a XML-RPC password attack with multicall, it always gives me a "No Valid Passwords Found" notification at the end.
I know that the maximum number of passwords to send by request with XMLRPC multicall is 500 at a time. I'd really like to use this multicall instead of singlecall.
I used a wordlist that was 500 lines long, made sure that it was UTF8, and I am 100% positive that the correct password is in the list.
sudo wpscan --url example.com --rua -U username -P test --password-attack xmlrpc-multicall -v
Obviously I did not use example.com and I used my correct username.
If I perform a password attack with nothing specified, it uses XML-RPC and it uses singlecall, and if the password is in the dictionary, it works. But this takes too long.
Any suggestions?
The text was updated successfully, but these errors were encountered: