infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add wordpress masive bruteforce using XMLRPC (wordpress API)

bug/bundler_fix
KINGSABRI 2015-11-09 17:37:06 +03:00
parent d498dc46a1
commit b571a79b69
1 changed files with 2 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/auxiliary/scanner/http/wordpress_xmlrpc_massive_bruteforce.rb
View File

@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500 print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
xml_payloads = [] # Container for all generated XMLs xml_payloads = [] # Container for all generated XMLs
xml = "" xml = ''
# Evil XML | Limit number of log-ins to 1500/request for wordpress limitation # Evil XML | Limit number of log-ins to 1500/request for wordpress limitation
passwords.each_slice(1500) do |pass_group| passwords.each_slice(1500) do |pass_group|
@ -113,9 +113,7 @@ class Metasploit3 < Msf::Auxiliary
end end
def parse_response(res) def parse_response(res)
resp.scan(/Incorrect username or password/) resp.scan(/Incorrect username or password/)
end end
def run def run
@ -143,10 +141,6 @@ class Metasploit3 < Msf::Auxiliary
# Request Parser # Request Parser
req_xml = Nokogiri::Slop xml req_xml = Nokogiri::Slop xml
# Request length
# total_req = req_xml.document.methodCall.params.param.value.array.data.value.size
# print_status("Totla number of combinations: #{total_req}")
# Response Parser # Response Parser
res_xml = Nokogiri::Slop response.to_s.scan(/<.*>/).join res_xml = Nokogiri::Slop response.to_s.scan(/<.*>/).join