xmlrpc-bruteforcer
October 15, 2022 ยท View on GitHub
Bruteforcing CMS users' passwords via the XMLRPC interface.
This script is a PoC for the Brute Force Amplification Attack exploit against XMLRPC interfaces enabling the _system.multicall()_ method (enabled by default).
The _system.multicall()_ method allows multiple calls to be sent within a single HTTP request. Using this "wrapper", malicious attackers can carry out a large number of login attempts (bruteforce) with a minimal network impact, consequently making them stealthier and more efficient.
At the moment, the maximum number of calls which can be encapsulated within the _system.multicall()_ method without triggering a networking error is 1999 calls meaning that for each HTTP request sent 1999 different login attempts are performed.
More information about the bruteforce amplification attack can be found at:
Important
This script has been sucessfully tested against WordPress versions < 4.4.
Installation
-
Download this repository:
git clone https://github.com/AresS31/xmlrpc-bruteforcer cd .\xmlrpc-bruteforcer -
Install the dependencies:
pip install -r requirements.txt
Running on Docker
cd .\xmlrpc-bruteforcer
docker build -t xmlrpc-bruteforcer .
docker run --rm -v $(pwd):/wordlists xmlrpc-bruteforcer -u admin -w /wordlists/wordlist.txt -t 3 -x https://wordpress.local/xmlrpc.php
Usage
python3 xmlrpc-bruteforce.py -u [username] -w [wordlist] -x [xmlrpc_intf] -t [threads_number] -c [chunks_size] -v [verbose] -h [help]
[-u]: username of the targeted user, required
[-w]: wordlist containing the passwords to try, required
[-x]: xmlrpc interface to attack, required
[-t]: number of threads to run, optional, default value: 5
[-c]: number of calls to encapsulate within a system.mullticall() call, optional, default value: 1999
[-v]: print debugging information, optional, default value: False
[-h]: print help
Roadmap
- Debug the
tqdmandsys.stdoutprinting issues. - Improve the quality of the source code.
Sponsor ๐
If you want to support this project and appreciate the time invested in developping, maintening and extending it; consider donating toward my next cup of coffee. โ
It is easy, all you got to do is press the Sponsor button at the top of this page or alternatively click this link. ๐ธ
Reporting Issues
Found a bug? I would love to squash it! ๐
Please report all issues on the GitHub issues tracker.
Contributing
You would like to contribute to better this project? ๐คฉ
Please submit all PRs on the GitHub pull requests tracker.
License
See LICENSE.