To do this we will use a 3rd party site called Webhook that way we are not exposing our IP address to target site.

Start by going to your target wordpress site, clicking on one of their blog post.

Right click > click view source
Hold Ctrl+F > search for 'pingback'

If pingbacks are enabled, you will find it inside the 'href' attribute, which should look like:

<link rel="pingback" href="https://wordpressite.com/xmlrpc.php">

Take note of the pingback URL and the full URL of the blog post.

Now head over to https://webhook.site and you should be greeted with a "Waiting for request..." sidebar.

Let that sit. Open a new tab. Visit https://reqbin.com/

Click on 'content' > choose 'XML (application/xml) as your content type

Now change the 'GET' drop down option to 'POST' and paste your pingback URL into the search bar. Then download the below template to copy and paste it into the 'XML' text area. Make sure to replace both template URLs with your own.

The first URL is the one provided from webhook.site and the second is the URL from your target WordPress blog.

XML Version
Download the xml file
xmlversion.xml
393 Bytes
download-circle
Text Version
Download the plain txt file
txtversion.txt
393 Bytes
download-circle

Once the template is pasted in and you have enter your URLs, click "Send" and wait for the server to respond. If the server redirects you to the homepage there is a fair chance that there is software that blocks pingbacks.

If pingbacks are blocked, this method wont work.

To check if it was successful, go back to your webhook.site tab and check the request log. You should see a new IP address in the 'Host' section.

From there you can take that IP and run with it.

Tagged in:

Security