Can't find the password

1N3 / Wordpress-XMLRPC-Brute-Force-Exploit

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield

https://crowdshield.com

444 stars 198 forks source link

Can't find the password #11

Closed saikoekos closed 7 years ago

saikoekos commented 7 years ago

only attempt failed

./wordpress-xmlrpc-brute.py http://xxxxx/xmlrpc.php wordlist.txt saiko

-- --=[Brute forcing target: http://xxxxx/xmlrpc.php with username: saiko
-- --=[Brute force failed
-- --=[Brute force failed
-- --=[Brute force failed
-- --=[Brute force failed

and the pass is in the wordlist

any idea about what it's happens?

1N3 commented 7 years ago

hmm. Not sure. You can try changing the value of line 86: if count < 1000: to a lower number like 500 or even 100 to see if that changes things. Also try uncommenting out any references for "#print content". This will display the full request/response and may show some errors if there is any.

1N3 commented 7 years ago

by uncomment, I mean simply remove the "#" character from those reference points.