use the redirect_to parameter on bruteforce
This commit is contained in:
Christian Mehlmauer
2
.gitignore
vendored
2
.gitignore
vendored
@@ -8,3 +8,5 @@ coverage
|
|||||||
Gemfile.lock
|
Gemfile.lock
|
||||||
log.txt
|
log.txt
|
||||||
.yardoc
|
.yardoc
|
||||||
|
debug.log
|
||||||
|
wordlist.txt
|
||||||
|
|||||||
@@ -28,14 +28,19 @@ class WpUser < WpItem
|
|||||||
progress_bar = self.progress_bar(passwords.size, options)
|
progress_bar = self.progress_bar(passwords.size, options)
|
||||||
|
|
||||||
passwords.each do |password|
|
passwords.each do |password|
|
||||||
request = login_request(password)
|
# A successfull login will redirect us to the redirect_to parameter
|
||||||
|
# Generate a radom one on each request
|
||||||
|
random = (0...8).map { 65.+(rand(26)).chr }.join
|
||||||
|
redirect_url = "#{@uri}#{random}/"
|
||||||
|
|
||||||
|
request = login_request(password, redirect_url)
|
||||||
|
|
||||||
request.on_complete do |response|
|
request.on_complete do |response|
|
||||||
progress_bar.progress += 1 if options[:show_progression] && !found
|
progress_bar.progress += 1 if options[:show_progression] && !found
|
||||||
|
|
||||||
puts "\n Trying Username : #{login} Password : #{password}" if options[:verbose]
|
puts "\n Trying Username : #{login} Password : #{password}" if options[:verbose]
|
||||||
|
|
||||||
if valid_password?(response, password, options)
|
if valid_password?(response, password, redirect_url, options)
|
||||||
found = true
|
found = true
|
||||||
self.password = password
|
self.password = password
|
||||||
return
|
return
|
||||||
@@ -73,25 +78,27 @@ class WpUser < WpItem
|
|||||||
# :nocov:
|
# :nocov:
|
||||||
|
|
||||||
# @param [ String ] password
|
# @param [ String ] password
|
||||||
|
# @param [ String ] redirect_url
|
||||||
#
|
#
|
||||||
# @return [ Typhoeus::Request ]
|
# @return [ Typhoeus::Request ]
|
||||||
def login_request(password)
|
def login_request(password, redirect_url)
|
||||||
Browser.instance.forge_request(login_url,
|
Browser.instance.forge_request(login_url,
|
||||||
method: :post,
|
method: :post,
|
||||||
body: { log: login, pwd: password },
|
body: { log: login, pwd: password, redirect_to: redirect_url },
|
||||||
cache_ttl: 0
|
cache_ttl: 0
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
# @param [ Typhoeus::Response ] response
|
# @param [ Typhoeus::Response ] response
|
||||||
# @param [ String ] password
|
# @param [ String ] password
|
||||||
|
# @param [ String ] redirect_url
|
||||||
# @param [ Hash ] options
|
# @param [ Hash ] options
|
||||||
# @option options [ Boolean ] :verbose
|
# @option options [ Boolean ] :verbose
|
||||||
# @option options [ Boolean ] :show_progression
|
# @option options [ Boolean ] :show_progression
|
||||||
#
|
#
|
||||||
# @return [ Boolean ]
|
# @return [ Boolean ]
|
||||||
def valid_password?(response, password, options = {})
|
def valid_password?(response, password, redirect_url, options = {})
|
||||||
if response.code == 302
|
if response.code == 302 && response.headers_hash['Location'] == redirect_url
|
||||||
progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
|
progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
|
||||||
valid = true
|
valid = true
|
||||||
elsif response.body =~ /login_error/i
|
elsif response.body =~ /login_error/i
|
||||||
|
|||||||
Reference in New Issue
Block a user