- Notifications
You must be signed in to change notification settings - Fork198
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
1N3/Wordpress-XMLRPC-Brute-Force-Exploit
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Wordpress XMLRPC System Multicall Brute Force Exploit by 1N3Last Updated: 20170215https://crowdshield.com
This is an exploit for Wordpress xmlrpc.php System Multicall function affecting the most current version of Wordpress (3.5.1). The exploit works by sending 1,000+ auth attempts per request to xmlrpc.php in order to "brute force" valid Wordpress users and will iterate through whole wordlists until a valid user response is acquired. It will then selectively acquire and display the valid username and password to login.
./wp-xml-brute http://target.com/xmlrpc.php passwords.txt username1 [username2] [username3]...This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.
Donations are welcome. This will help fascilitate improved features, frequent updates and better overall support.
- BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum
- DASH XoWYdMDGb7UZmzuLviQYtUGb5MNXSkqvXG
- ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d
- LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f
About
Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
Topics
Resources
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Releases
Packages0
Uh oh!
There was an error while loading.Please reload this page.
Contributors6
Uh oh!
There was an error while loading.Please reload this page.