infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add WPCHECK (Bool) advanced option to Exploit::Remote::HTTP::Wordpress

GSoC/Meterpreter_Web_Console
Brendan Coles 2018-07-11 07:09:28 +00:00
parent c2094c8ca8
commit df2f58fb08
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/msf/core/exploit/http/wordpress.rb
View File

@ -38,7 +38,8 @@ module Msf
register_advanced_options(
[
Msf::OptString.new('WPCONTENTDIR', [true, 'The name of the wp-content directory', 'wp-content'])
Msf::OptString.new('WPCONTENTDIR', [true, 'The name of the wp-content directory', 'wp-content']),
Msf::OptBool.new('WPCHECK', [true, 'Check if the website is a valid WordPress install', true]),
], Msf::Exploit::Remote::HTTP::Wordpress
)
end

5
lib/msf/core/exploit/http/wordpress/base.rb
View File

@ -5,6 +5,11 @@ module Msf::Exploit::Remote::HTTP::Wordpress::Base
#
# @return [Rex::Proto::Http::Response,nil] Returns the HTTP response if the site is online and running wordpress, nil otherwise
def wordpress_and_online?
unless datastore['WPCHECK']
vprint_status 'Skipping WordPress check...'
return true
end
wordpress_detect_regexes = [
/["'][^"']*\/#{Regexp.escape(wp_content_dir)}\/[^"']*["']/i,
/<link rel=["']wlwmanifest["'].*href=["'].*\/wp-includes\/wlwmanifest\.xml["'] \/>/i,