1N3 / Wordpress-XMLRPC-Brute-Force-Exploit

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
https://crowdshield.com

Possible Improvements #4

Closed aress31 closed 7 years ago

aress31 commented 8 years ago

Hi, Nice script! It would be even better if a verbose mode (-v) could be implemented to make sure that everything is going according to our plans (it is boring to monitor the network activity with tcpdump :) ). Moreover, if any initial tests could be performed before launching the attack to make sure that the target is 100% vulnerable to the amplified xmlrpc brute forcing attack it would be a very good feature (a security mechanism is to return a false response for all the requests as soon as a single request with incorrect credentials has been made, no matter if the next one has valid credentials). Adding multithreading and proxy capabilities would be a good idea as well. Best regards, Alexandre

1N3 commented 8 years ago

Thanks for the feedback! I'll definitely look into some of these features and will let you know.

aress31 commented 8 years ago

You are welcome! Also being able to input a username list (text file containing one username per line) and to set the number of wp.getUsersBlog method calls inside of the system.multicall would be welcome.

LucasRoot commented 7 years ago

It would be great too to add a proxy function. Thanks!

LucasRoot commented 7 years ago

You could use environment variables, like this: os.environ['http_proxy'] = '127.0.0.1:8080'

chunkingz commented 7 years ago

all nice but u guys could always modify and set a pull request with the necessary changes, if u have the skills to...

1N3 commented 7 years ago

@AresS31 the latest script improvements now support an array of usernames. Closing this out for now to clean up the backlog but if anyone has any other improvements, please send a pull request.
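
A defensive counterpart to the system.multicall amplification discussed in this thread, added here as an example (not code from the repository or from any commenter): it inspects an XML-RPC request body, counts the calls nested inside system.multicall, and flags requests over a threshold. The function names, the threshold of 5, and the sample body are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

MAX_NESTED_CALLS = 5  # assumed policy threshold; tune per site

def nested_methods(body: str) -> Counter:
    """Count the method names wrapped inside a system.multicall request body."""
    # Refuse DTDs up front so the parser never sees entity declarations.
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(body)
    outer = (root.findtext("methodName") or "").strip()
    if root.tag != "methodCall" or outer != "system.multicall":
        return Counter()  # ordinary single call: nothing nested
    counts = Counter()
    # Each nested call is a <struct> carrying a "methodName" member.
    for struct in root.iterfind("./params/param/value/array/data/value/struct"):
        for member in struct.iterfind("member"):
            if (member.findtext("name") or "").strip() == "methodName":
                value = member.find("value")
                # itertext() covers both <value><string>x</string></value> and <value>x</value>.
                name = "".join(value.itertext()).strip() if value is not None else ""
                counts[name] += 1
    return counts

def verdict(body: str) -> str:
    """Return 'reject' for unparseable input, 'flag' for oversized batches, else 'allow'."""
    try:
        counts = nested_methods(body)
    except (ET.ParseError, ValueError):
        return "reject"
    return "flag" if sum(counts.values()) > MAX_NESTED_CALLS else "allow"

def sample_body(n: int) -> str:
    """Constructed sample: system.multicall wrapping n nested calls, no credentials."""
    call = ("<value><struct>"
            "<member><name>methodName</name>"
            "<value><string>wp.getUsersBlogs</string></value></member>"
            "<member><name>params</name><value><array><data/></array></value></member>"
            "</struct></value>")
    return ("<methodCall><methodName>system.multicall</methodName><params><param>"
            "<value><array><data>" + call * n + "</data></array></value>"
            "</param></params></methodCall>")

if __name__ == "__main__":
    for n in (1, 3, 50):
        print(n, verdict(sample_body(n)))
```

The same counting logic can run in a reverse proxy hook or over captured request bodies in logs; a flagged request shows one HTTP POST carrying many authentication attempts, which per-request rate limiting alone would miss.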