Skip to content

Latest commit

 

History

History
41 lines (29 loc) · 1.23 KB

README.md

File metadata and controls

41 lines (29 loc) · 1.23 KB

XMLRPC-BRUTE

Codefactor

Help me!

Saweria

Paypal.me

This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress. The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.

Requirements

  • NodeJS

Install

$ git clone https://github.com/ibnusyawall/xmlrpc-git.git
$ cd xmlrpc-brute
$ npm i
$ node . --help

Usage

# run
$ node . --siteList <path/to/list> --userList <path/to/list> --passList <path/to/list>

# help
$ node . --help

# example
$ node . --siteList site.txt --userList user.txt --passList pass.txt

Any question? contact me at Whatsapp or Telegram