From b11fd48b053193757b8345013c4e84d0491743d8 Mon Sep 17 00:00:00 2001
From: Christian Mehlmauer
Date: Mon, 14 Jan 2013 17:06:52 +0100
Subject: [PATCH] implemented juans feedback
---
 ...t.rb => wp_w3_total_cache_hash_extract.rb} | 30 ++++++++++---------
 1 file changed, 16 insertions(+), 14 deletions(-)
 rename modules/auxiliary/gather/{w3_total_cache_hash_extract.rb => wp_w3_total_cache_hash_extract.rb} (80%)
diff --git a/modules/auxiliary/gather/w3_total_cache_hash_extract.rb b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb
similarity index 80%
rename from modules/auxiliary/gather/w3_total_cache_hash_extract.rb
rename to modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb
index c20bff330f..2ef06e3d1e 100644
--- a/modules/auxiliary/gather/w3_total_cache_hash_extract.rb
+++ b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb
@@ -16,17 +16,18 @@ class Metasploit3 < Msf::Auxiliary
 def initialize
 super(
 'Name' => 'W3-Total-Cache Wordpress-plugin 0.9.2.4 (or before) Username and Hash Extract',
- 'Description' => %q{
- The W3-Total-Cache Wordpress Plugin can cache database statements and it's results in files for
- fast access.
- These files are in the webroot of the Wordpress installation and can be downloaded.
- This modules tries to find usernames and password hashes in these files.
- Vulnerable Versions: <= 0.9.2.4
- Version 0.9.2.4 has been fixed afterwards so it can be vulnerable.
- },
+ 'Description' =>
+ "The W3-Total-Cache Wordpress Plugin <= 0.9.24 can cache database statements
+ and it's results in files for fast access. Version 0.9.2.4 has been fixed afterwards
+ so it can be vulnerable. These cache files are in the webroot of the Wordpress
+ installation and can be downloaded if the name is guessed. This modules tries to
+ locate them with brute force in order to find usernames and password hashes in these
+ files. W3 Total Cache must be configured with Database Cache enabled and Database
+ Cache Method set to Disk to be vulnerable",
 'License' => MSF_LICENSE,
 'References' =>
 [
+ [ 'OSVDB', '88744'],
 [ 'URL', 'http://seclists.org/fulldisclosure/2012/Dec/242']
 ],
 'Author' =>
@@ -105,12 +106,13 @@ class Metasploit3 < Msf::Auxiliary
 print_good("Username: #{match[0]}")
 print_good("Password Hash: #{match[1]}")
 report_auth_info(
- :host => rhost,
- :port => rport,
- :sname => ssl ? "https" : "http",
- :user => match[0],
- :pass => match[1],
- :active => true
+ :host => rhost,
+ :port => rport,
+ :sname => ssl ? "https" : "http",
+ :user => match[0],
+ :pass => match[1],
+ :active => true,
+ :type => "hash"
 )
 users_found = true
 end
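Review bot: The rewritten 'Description' gives the affected range as `<= 0.9.24`, while 'Name' on the context line above and the removed text both say 0.9.2.4; the string should read `<= 0.9.2.4` so that anyone triaging installs from the module text checks the right version. The sentence "Version 0.9.2.4 has been fixed afterwards so it can be vulnerable" is hard to parse and would be clearer if it said outright that some 0.9.2.4 installs are still affected, assuming that is the intended meaning. Smaller wording fixes in the same string are `its results`, `This module tries` and a closing period. The `super(` call continues outside the hunk.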
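Review bot: `:active => true` is stored next to the new `:type => "hash"`, but nothing visible in this hunk checks the recovered value against the live site, and per the module description it comes from a cached query result whose age is unknown. A short comment above the call, for example `# hash read from a cache file; not verified against the live site`, would keep consumers of the report from treating it as a confirmed login. `match[0]` and `match[1]` are also printed and stored straight from the server response; whether the pattern that produced them restricts the character set is not visible here, so that is worth confirming. The enclosing method starts and ends outside the hunk.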