  • Stars: 431
  • Rank 100,866 (Top 2 %)
  • Language: Python
  • Created about 9 years ago
  • Updated over 2 years ago

Repository Details

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

Wordpress XMLRPC System Multicall Brute Force Exploit by 1N3. Last Updated: 20170215. https://crowdshield.com

ABOUT:

This is an exploit for the WordPress xmlrpc.php System Multicall function affecting the most current version of WordPress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid WordPress users, and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to log in.
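A defensive counterpart to the behaviour described above, as an added example that is not part of the original README or the project's code: it counts how many sub-calls one XML-RPC system.multicall request body carries, so a reverse proxy hook or log pipeline can flag oversized batches sent to xmlrpc.php. The threshold, the function names and the demo.method sample bodies are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_SUBCALLS = 20  # assumed policy threshold; tune to what legitimate clients send

# Path from <methodCall> to each batched sub-call struct in a multicall body.
SUBCALL_PATH = "params/param/value/array/data/value/struct"


def multicall_summary(body):
    """Return (subcall_count, Counter of inner method names) for one request body.

    Bodies that are not well-formed XML or not a system.multicall give (0, Counter()).
    For untrusted traffic, parse with a hardened parser such as defusedxml instead.
    """
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return 0, Counter()
    outer = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or outer != "system.multicall":
        return 0, Counter()
    count, names = 0, Counter()
    for struct in root.iterfind(SUBCALL_PATH):
        count += 1
        for member in struct.iterfind("member"):
            value = member.find("value")
            if member.findtext("name") == "methodName" and value is not None:
                # XML-RPC allows <value><string>x</string></value> or bare <value>x</value>
                names[(value.findtext("string") or value.text or "").strip()] += 1
    return count, names


def is_suspicious(body, max_subcalls=MAX_SUBCALLS):
    """True when a single request batches more sub-calls than the policy allows."""
    return multicall_summary(body)[0] > max_subcalls


# Constructed sample bodies (not captured traffic); demo.method is a placeholder name.
_CALL = ("<value><struct>"
         "<member><name>methodName</name><value><string>demo.method</string></value></member>"
         "<member><name>params</name><value><array><data/></array></value></member>"
         "</struct></value>")
SAMPLE_MULTICALL = ("<methodCall><methodName>system.multicall</methodName>"
                    "<params><param><value><array><data>" + _CALL * 3 +
                    "</data></array></value></param></params></methodCall>")
SAMPLE_SINGLE = "<methodCall><methodName>demo.method</methodName><params/></methodCall>"

if __name__ == "__main__":
    print(multicall_summary(SAMPLE_MULTICALL), is_suspicious(SAMPLE_MULTICALL, 2))
```

Because one HTTP request can carry the whole batch, per-request rate limits and access-log counts alone do not see the volume; the count has to come from the request body.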

USAGE:

./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 [username2] [username3]...

LICENSE:

This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

DONATIONS:

Donations are welcome. This will help facilitate improved features, frequent updates and better overall support.

  • BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum
  • DASH XoWYdMDGb7UZmzuLviQYtUGb5MNXSkqvXG
  • ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d
  • LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f

More Repositories

1. Sn1per (Shell, 7,009 stars): Attack Surface Management Platform
2. BruteX (Shell, 1,741 stars): Automatically brute force all services running on a target.
3. Findsploit (Shell, 1,499 stars): Find exploits in local and online databases instantly
4. BlackWidow (Python, 1,354 stars): A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
5. PrivEsc (C, 913 stars): A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
6. Goohak (Shell, 679 stars): Automatically Launch Google Hacking Queries Against A Target Domain
7. ReverseAPK (Shell, 645 stars): Quickly analyze and reverse engineer Android packages
8. MassBleed (Shell, 235 stars): MassBleed SSL Vulnerability Scanner
9. Exploits (Python, 188 stars): Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
10. PRISM-AP (Shell, 156 stars): An automated Wireless RogueAP MITM attack framework.
11. XSSTracer (Python, 137 stars): A small python script to check for Cross-Site Tracing (XST)
12. HTTPoxyScan (Python, 104 stars): HTTPoxy Exploit Scanner by 1N3 @CrowdShield
13. PowerExfil (PowerShell, 86 stars): A collection of data exfiltration scripts for Red Team assessments.
14. AttackSurfaceManagement (Shell, 66 stars): Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
15. SuperMicro-Password-Scanner (Shell, 40 stars): Supermicro IPMI/BMC Cleartext Password Scanner
16. CloudHunter (Python, 33 stars): Find unreferenced AWS S3 buckets which have CloudFront CNAME records pointing to them
17. 1N3 (22 stars): Founder of @Sn1perSecurity LLC. Creator of Sn1per. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP/CISSP/Security+
18. CTF-Writeups (17 stars): CTF Writeups