any ideas? Py -v 2.7.12

[Kn053LpH]

root@amazon:~/pentest/Wordpress-XMLRPC-Brute-Force-Exploit# python2 Python 2.7.12+ (default, Sep 1 2016, 20:27:38) [GCC 6.2.0 20160822] on linux2 Type "help", "copyright", "credits" or "license" for more information.

import requests Traceback (most recent call last): File "", line 1, in ImportError: No module named requests

root@amazon:~/pentest/Wordpress-XMLRPC-Brute-Force-Exploit# pip install requestsRequirement already satisfied: requests in /usr/local/lib/python2.7/dist-packages

sorry but thanks :D

[Kn053LpH]

should have posted this above sorry :

root@amazon:~/pentest/Wordpress-XMLRPC-Brute-Force-Exploit# python2 wordpress-xmlrpc-brute.py http://127.0.0.1/wordpress/xmlrpc.php passwords.txt admin Traceback (most recent call last): File "wordpress-xmlrpc-brute.py", line 14, in import time, requests, sys, ssl ImportError: No module named requests

[Kn053LpH]

always import errors, wondering what version of py it was tested with so I may be able to try that ?

[1N3]

Hi, I'm running python 2.7.3. There's been some issues with people running older versions of python since the script was recently updated/redone with newer libs. I'd try upgrading to at least 2.7.3 to see if that does the trick.

[Kn053LpH]

Hmmm I have 2.7.12 now but I think the upgrade is the issue because I think ssl is removed but the error I get is no module named requests but I have requests lol .... head basher here cuz I have petty basic knowledge of python at best and love the look of this script .... beats manually whiting out and burp suite

[Kn053LpH]

I appreciate your help though

[1N3]

You probably already did this but it sounds like the requests library isn't installed for your current python version. Have you tried running 'pip install requests'?

[1N3]

another solution I see online is to first run pip uninstall requests followed by pip install requests to re-install the latest version.

[Kn053LpH]

yes and says requirement is satisfied in usr/local/lib/python2.7/dist-packages, I may try an altinstall with 2.7.3

[Kn053LpH]

lol tried that too with no success , I even reinstalled python

[Kn053LpH]

so setting up virtualenv and running from there I no longer get import errors but still some issues trying to work around

[Kn053LpH]

it seems as though post requests are being sent but I get no output from script, I notice the 506 code but I have a perl script that works against the target.

here is a log entry from apache :

127.0.0.1 - - [25/Feb/2017:12:46:38 -0700] "POST /wordpress/xmlrpc.php HTTP/1.1" 200 506 "-" "python-requests/2.13.0"

[Kn053LpH]

sorry to bombard you . Fairly noobish but ocd about getting things to work .

[1N3]

hey, just updated the repo with the first (older version) of the exploit that should work with older python versions. Give that a try and see if that helps.

[Kn053LpH]

awesome , you rock man ! I'll test it out after work tomorrow but I feel like this might be my solution.

[xbhell]

its all wordpress version is vuln to this method?

[Isuru-Nanayakkara]

I'm getting a similar error.

Traceback (most recent call last): File "./wordpress-xmlrpc-brute-v1.py", line 12, in import urllib, urllib2, sys, getopt, requests, ssl ImportError: No module named requests

I updated my Python to v2.7.13 and uninstalled the existing requests and reinstalled via pip install requests to v2.13.0.

Still getting the error :(

[abimanis]

I have found same issue but when I remove the request module which is not use anymore in the script, Now it works correctly

[1N3]

This should be fixed now in the latest public repo.