HTB academy Wordpress hacking login

Hi All,

I working on Wordpress hacking login and try call method by system.listMethods first ,

curl -X POST -d “system.listMethods”

in response i receive method * 100

i add to method wc -l and grep “wp” and count the number the results, but academy didn’t accept my answer

Any idea u guys can share?

1 Like

Follow the CURL POST REQUEST tutorial on the page and replace wp.getUsersBlogs with system.listMethods

you can find info about system.listMethods here WP system.listMethods

curl -s -X POST -d "<methodCall><methodName>system.listMethods</methodName><params><param><value>admin</value></param><param><value>CORRECT-PASSWORD</value></param></params></methodCall>" http://<web_host_here>/xmlrpc.php

you can use the below to count

 | grep 'value' | wc -1

and… don’t forget to replace <web_host_here> with your target ip host

1 Like

Hotttttt thanks . It’s works :smiling_face_with_three_hearts: