1N3 / Wordpress-XMLRPC-Brute-Force-Exploit

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
https://crowdshield.com

faultCode - faultString for all attempts? #12

Closed jdkarbor closed 7 years ago

jdkarbor commented 7 years ago

Despite my best efforts to make this work, I've had no success. After uncommenting all "print content" it shows that all attempts are a fault? Tried the included passwords.txt, along with Kali's wonderful rockyou list. No luck. Any ideas?

```xml
</struct></value>
  <value><struct>
  <member><name>faultCode</name><value><int>403</int></value></member>
  <member><name>faultString</name><value><string>Incorrect username or password.</string></value></member>
</struct></value>
  <value><struct>
  <member><name>faultCode</name><value><int>403</int></value></member>
  <member><name>faultString</name><value><string>Incorrect username or password.</string></value></member>
</struct></value>
  <value><struct>
  <member><name>faultCode</name><value><int>403</int></value></member>
  <member><name>faultString</name><value><string>Incorrect username or password.</string></value></member>
</struct></value>
</data></array>
      </value>
    </param>
  </params>
</methodResponse>
```

`faultCode -32700 faultString parse error. not well formed` Attempting a different username graced me with this output.

1N3 commented 7 years ago

Not sure exactly, but 403 codes usually indicate access denied. It could be that XML-RPC requests are disabled on the server or that there's a security plugin enabled that's preventing login requests via xmlrpc.php. I'm not sure if this vuln has been patched or not, but it's also possible that the version of WordPress you're testing isn't vulnerable as well.
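
A defender-side sketch of the kind of filter mentioned in the reply above, placed in front of xmlrpc.php: it inspects a request body and caps the number of sub-calls packed into one `system.multicall` request. This is an added example, not part of the original thread or the project's code; the `MAX_SUBCALLS` threshold, the function names, and the `demo.login` method in the constructed sample bodies are assumptions.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_SUBCALLS = 5  # assumed policy threshold, not a WordPress setting


def inspect_xmlrpc_body(body: bytes, max_subcalls: int = MAX_SUBCALLS) -> dict:
    """Classify one POST body addressed to xmlrpc.php."""
    result = {"verdict": "reject", "reason": "", "subcalls": 0, "methods": {}}
    # XML-RPC never needs a DTD; refusing one avoids entity-expansion abuse.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return {**result, "reason": "dtd"}
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        # The server-side counterpart is the -32700 "parse error" fault.
        return {**result, "reason": "malformed"}
    if root.tag != "methodCall":
        return {**result, "reason": "not-a-call"}
    method = (root.findtext("methodName") or "").strip()
    if method != "system.multicall":
        return {"verdict": "allow", "reason": "single-call",
                "subcalls": 1, "methods": {method: 1}}
    # system.multicall carries one array of structs, one struct per sub-call.
    methods = Counter()
    structs = root.findall("./params/param/value/array/data/value/struct")
    for struct in structs:
        for member in struct.findall("member"):
            if (member.findtext("name") or "").strip() == "methodName":
                name = member.findtext("value/string") or member.findtext("value") or ""
                methods[name.strip()] += 1
    over = len(structs) > max_subcalls
    return {"verdict": "block" if over else "allow",
            "reason": "multicall-over-limit" if over else "multicall-within-limit",
            "subcalls": len(structs), "methods": dict(methods)}


def build_multicall(n: int, method: str = "demo.login") -> bytes:
    """Constructed sample body: n identical sub-calls with empty params."""
    call = ("<value><struct>"
            f"<member><name>methodName</name><value><string>{method}</string></value></member>"
            "<member><name>params</name><value><array><data/></array></value></member>"
            "</struct></value>")
    return ("<?xml version='1.0'?><methodCall><methodName>system.multicall</methodName>"
            "<params><param><value><array><data>" + call * n +
            "</data></array></value></param></params></methodCall>").encode()


if __name__ == "__main__":
    for sample in (build_multicall(3), build_multicall(500), b"<methodCall><oops>"):
        print(inspect_xmlrpc_body(sample))
```

Logging the `subcalls` count per source address alongside the verdict gives a direct signal for batched login attempts that per-request rate limits do not see.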