Add wordpress masive bruteforce using XMLRPC (wordpress API)

2015-11-09 17:37:06 +03:00 · 2015-11-09 17:37:06 +03:00 · b571a79b69
parent d498dc46a1
commit b571a79b69
1 changed files with 2 additions and 8 deletions
--- a/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
+++ b/modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary

    print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
    xml_payloads = []                          # Container for all generated XMLs
-    xml = ""
+    xml = ''
    # Evil XML | Limit number of log-ins to 1500/request for wordpress limitation
    passwords.each_slice(1500) do |pass_group|

@ -113,9 +113,7 @@ class Metasploit3 < Msf::Auxiliary
  end

  def parse_response(res)
-
    resp.scan(/Incorrect username or password/)
-
  end

  def run
@ -143,10 +141,6 @@ class Metasploit3 < Msf::Auxiliary

        # Request Parser
        req_xml = Nokogiri::Slop xml
-        # Request length
-        # total_req  =  req_xml.document.methodCall.params.param.value.array.data.value.size
-        # print_status("Totla number of combinations: #{total_req}")
-
        # Response Parser
        res_xml = Nokogiri::Slop response.to_s.scan(/<.*>/).join

@ -164,7 +158,7 @@ class Metasploit3 < Msf::Auxiliary
            end end
        rescue NoMethodError
          print_error("It seems you got blocked!")
-          print_warning("I'll sleep for 6 minutes then I'll try  again. CTR+C to exit")
+          print_warning("I'll sleep for 6 minutes then I'll try again. CTR+C to exit")
          sleep 6 * 60
          retry
          # return :abort