β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#webhacking another Wordpress XMLRPC System Multicall Brute Force Exploit :
HOW IT WORK'S ?
This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit.git
2) ./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 username2 username3...
THAT'S ALL :)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦#webhacking another Wordpress XMLRPC System Multicall Brute Force Exploit :
HOW IT WORK'S ?
This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.
πΈπ½π π π°π»π»πΈπ π°π πΈπΎπ½ & π π π½ :
1) git clone https://github.com/1N3/Wordpress-XMLRPC-Brute-Force-Exploit.git
2) ./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 username2 username3...
THAT'S ALL :)
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - 1N3/Wordpress-XMLRPC-Brute-Force-Exploit: Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield - 1N3/Wordpress-XMLRPC-Brute-Force-Exploit