Wordpress Xmlrpc Attack - Bash Script - RF Special
by kehanet00 - May 03, 2021 at 05:27 PM
#1


What is XMLRPC?

XML-RPC is a WordPress feature that enables data transfer, using HTTP as the transport mechanism and XML as the encoding mechanism. Since WordPress itself is not a closed system and needs to communicate with other systems occasionally, the xmlrpc.php file was considered to perform this work.

XML-RPC has two major weaknesses that have been exploited in the past.

The first is the use of brute force attacks to gain access to your site. The attacker is trying to gain access to your site by trying combinations of passwords and usernames using the XMLRPC.php file. They can try hundreds of different passwords using just one command. This allows them to bypass security tools that can often detect and prevent brute force attacks.


https://sql.gg/manage/4zLInqmQFQK5frp5h-hoEExExkcJCqju

-------------
Can try 10,000+ passwords.
It works without being caught by security.

If getting username with option 1 doesn't work, you can try this alternative method.

site.com/?author=1 
site.com/?author=2
site.com/?author=3
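Added example, not part of the thread or of the shared script: a defender-side scan of a web server access log for the two patterns post #1 describes, sequential `?author=N` lookups and POSTs to `xmlrpc.php`, grouped per client. Because one XML-RPC request can carry many password guesses, counting requests undercounts attempts, so the POST threshold is kept low and oversized responses are flagged separately; the thresholds, the response-size heuristic and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [03/May/2021:17:30:01 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "curl/7.68.0"
203.0.113.7 - - [03/May/2021:17:30:02 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "curl/7.68.0"
203.0.113.7 - - [03/May/2021:17:30:03 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "curl/7.68.0"
203.0.113.7 - - [03/May/2021:17:31:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 41873 "-" "curl/7.68.0"
203.0.113.7 - - [03/May/2021:17:31:40 +0000] "POST /xmlrpc.php HTTP/1.1" 200 41902 "-" "curl/7.68.0"
198.51.100.20 - - [03/May/2021:17:32:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
192.0.2.44 - - [03/May/2021:17:33:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "WordPress/5.7; https://example.org"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')

def scan(log_text, author_ids=3, xmlrpc_posts=2, big_response=10_000):
    """Return {ip: sorted findings} for clients matching either pattern (thresholds are assumptions)."""
    authors = defaultdict(set)   # ip -> distinct ?author=N ids requested
    posts = defaultdict(int)     # ip -> number of POSTs to xmlrpc.php
    big = defaultdict(int)       # ip -> xmlrpc.php responses larger than big_response bytes
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a common/combined format line
        ip, method, target, _status, size = m.groups()
        url = urlsplit(target)
        if method == "GET":
            for value in parse_qs(url.query).get("author", []):
                if value.isdigit():
                    authors[ip].add(int(value))
        elif method == "POST" and url.path.endswith("/xmlrpc.php"):
            posts[ip] += 1
            if size.isdigit() and int(size) > big_response:
                big[ip] += 1
    findings = defaultdict(set)
    for ip, ids in authors.items():
        if len(ids) >= author_ids:
            findings[ip].add("author-enumeration")
    for ip, n in posts.items():
        if n >= xmlrpc_posts:
            findings[ip].add("xmlrpc-post-burst")
        if big[ip]:
            findings[ip].add("xmlrpc-large-response")
    return {ip: sorted(f) for ip, f in findings.items()}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Sites that do not need XML-RPC can also deny requests to `xmlrpc.php` at the web server, which makes the POST findings above moot.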
#2
Your link with the option to delete the file dude. So please reload the file
#3
(May 04, 2021 at 01:32 PM)ninexdz Wrote: Your link with the option to delete the file dude. So please reload the file

lol https://sql.gg/download/F6LoD2HHobNbbdUx...P_NUtmo9JZ
#4
(May 04, 2021 at 01:55 PM)kehanet00 Wrote:
(May 04, 2021 at 01:32 PM)ninexdz Wrote: Your link with the option to delete the file dude. So please reload the file

lol https://sql.gg/download/F6LoD2HHobNbbdUx...P_NUtmo9JZ

thanks )
#5
I thought it was a real exploit, but it's better than nothing.
#6
(Yesterday at 12:35 AM)r0cker Wrote: I thought it was a real exploit, but it's better than nothing.

You can't expect everything from me, man, the script works fine, make a password list for the target site. You could have thanked me instead, anyway
#7
link not found, please update link again.
thanks
#8
thanks for sharing this
#9
update link again pls, file not found
#10
(4 hours ago)NoXuSeR Wrote: update link again pls, file not found

https://sql.gg/download/F6LoD2HHobNbbdUx...P_NUtmo9JZ
#11
still can't download your file, maybe another file hosting?
