Project author: aress31

Project description:
Multi-threaded XMLRPC brute forcer using amplification attacks targeting WordPress installations prior to version 4.4.
Language: Python
Project URL: git://github.com/aress31/xmlrpc-bruteforcer.git
Created: 2016-08-30T09:50:55Z
Project community: https://github.com/aress31/xmlrpc-bruteforcer

License: Apache License 2.0


xmlrpc-bruteforcer


Bruteforcing CMS users’ passwords via the XMLRPC interface.

This script is a PoC for the Brute Force Amplification Attack exploit against XMLRPC interfaces enabling the _system.multicall()_ method (enabled by default).

The _system.multicall()_ method allows multiple calls to be sent within a single HTTP request. Using this “wrapper”, malicious attackers can carry out a large number of login attempts (bruteforce) with a minimal network impact, consequently making them stealthier and more efficient.

At the moment, the maximum number of calls that can be encapsulated within a single _system.multicall()_ method without triggering a networking error is 1999, meaning that for each HTTP request sent, 1999 different login attempts are performed.
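The following is an added, defensive example (not part of this project's code): it parses an XML-RPC request body with the standard library and counts how many inner calls a _system.multicall()_ request wraps, so a reverse proxy, WAF or log pipeline can flag the many-logins-per-request pattern described above. The sample bodies and the `max_inner_calls` threshold are constructed for this example.

```python
"""Defensive inspection of XML-RPC request bodies for multicall amplification.

Counts how many inner calls a system.multicall() request wraps. WordPress
releases before 4.4 accepted an unbounded number of credential-bearing
calls per request, so a high inner-call count is the signature to watch.
"""
import xmlrpc.client

# Constructed sample input: three credential-bearing calls wrapped in one
# system.multicall() request (the shape described in the README).
SAMPLE_MULTICALL = xmlrpc.client.dumps(
    ([
        {"methodName": "wp.getUsersBlogs", "params": ["admin", "guess1"]},
        {"methodName": "wp.getUsersBlogs", "params": ["admin", "guess2"]},
        {"methodName": "wp.getUsersBlogs", "params": ["admin", "guess3"]},
    ],),
    methodname="system.multicall",
).encode()

# Constructed sample input: an ordinary single-method request for comparison.
SAMPLE_SINGLE = xmlrpc.client.dumps(
    ("admin", "guess1"), methodname="wp.getUsersBlogs"
).encode()


def inspect_multicall(body, max_inner_calls=1):
    """Summarise a request body's use of system.multicall().

    Returns the outer method name, the number of inner calls, the set of
    inner method names and a 'suspicious' flag set when more than
    max_inner_calls calls are wrapped. The threshold is an assumption of
    this example; tune it to what the site's legitimate clients send.
    """
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception as exc:  # malformed XML, non-XML-RPC body or a Fault
        return {"method": None, "inner_calls": 0, "inner_methods": set(),
                "suspicious": False, "error": str(exc)}
    if method != "system.multicall":
        return {"method": method, "inner_calls": 0, "inner_methods": set(),
                "suspicious": False}
    # The single parameter of system.multicall is an array of call structs.
    inner = params[0] if params and isinstance(params[0], list) else []
    names = {c.get("methodName") for c in inner if isinstance(c, dict)}
    return {
        "method": method,
        "inner_calls": len(inner),
        "inner_methods": names,
        "suspicious": len(inner) > max_inner_calls,
    }
```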

More information about the bruteforce amplification attack can be found at:

[!IMPORTANT]
This script has been successfully tested against WordPress versions < 4.4.

Installation

  1. Download this repository:

    1. git clone https://github.com/AresS31/xmlrpc-bruteforcer
    2. cd .\xmlrpc-bruteforcer
  2. Install the dependencies:

    1. pip install -r requirements.txt

Running on Docker

  1. cd .\xmlrpc-bruteforcer
  2. docker build -t xmlrpc-bruteforcer .
  3. docker run --rm -v $(pwd):/wordlists xmlrpc-bruteforcer -u admin -w /wordlists/wordlist.txt -t 3 -x https://wordpress.local/xmlrpc.php

Usage

  1. python3 xmlrpc-bruteforce.py -u [username] -w [wordlist] -x [xmlrpc_intf] -t [threads_number] -c [chunks_size] -v [verbose] -h [help]
  2. [-u]: username of the targeted user, required
  3. [-w]: wordlist containing the passwords to try, required
  4. [-x]: xmlrpc interface to attack, required
  5. [-t]: number of threads to run, optional, default value: 5
  6. [-c]: number of calls to encapsulate within a system.multicall() call, optional, default value: 1999
  7. [-v]: print debugging information, optional, default value: False
  8. [-h]: print help

Roadmap

  • Debug the tqdm and sys.stdout printing issues.
  • Improve the quality of the source code.

Sponsor 💖

If you want to support this project and appreciate the time invested in developing, maintaining and extending it, consider donating toward my next cup of coffee. ☕

It is easy: all you have to do is press the Sponsor button at the top of this page or alternatively click this link. 💸

Reporting Issues

Found a bug? I would love to squash it! 🐛

Please report all issues on the GitHub issues tracker.

Contributing

You would like to contribute to better this project? 🤩

Please submit all PRs on the GitHub pull requests tracker.

License

See LICENSE.