Do a version check

This attack is not suitable for newer versions due to the mitigation in place.
2016-01-20 17:14:44 -06:00 · 2016-01-20 17:14:44 -06:00 · fcaef76215
parent 911bcc7792
commit fcaef76215
1 changed files with 4 additions and 0 deletions
--- a/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb
+++ b/modules/auxiliary/scanner/http/wordpress_xmlrpc_login.rb
@ -61,6 +61,8 @@ class Metasploit3 < Msf::Auxiliary

  def check_setup
    vprint_status("Checking #{peer} status!")
+    version = wordpress_version
+    vprint_status("Found Wordpress version: #{version}")

    if !wordpress_and_online?
      print_error("#{peer}:#{rport}#{target_uri} does not appear to be running Wordpress or you got blocked! (Do Manual Check)")
@ -68,6 +70,8 @@ class Metasploit3 < Msf::Auxiliary
    elsif !wordpress_xmlrpc_enabled?
      print_error("#{peer}:#{rport}#{wordpress_url_xmlrpc} does not enable XMLRPC")
      false
+    elsif Gem::Version.new(version) >= Gem::Version.new('4.4.1')
+      false
    else
      print_status("Target #{peer} is running Wordpress")
      true