garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

show_progression used in brute forcing

Browse Source
This commit is contained in:
erwanlr
2013-01-04 15:30:35 +01:00
parent c0eadd22db
commit 42c68fe683
3 changed files with 26 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
lib/wpscan/modules/brute_force.rb
View File

@@ -20,11 +20,14 @@ module BruteForce
# param array of string logins # param array of string logins
# param string wordlist_path # param string wordlist_path
def brute_force(logins, wordlist_path) # param hash options
# boolean :show_progression If true, will output the details (Sucess, error etc)
def brute_force(logins, wordlist_path, options = {})
hydra = Browser.instance.hydra hydra = Browser.instance.hydra
number_of_passwords = BruteForce.lines_in_file(wordlist_path) number_of_passwords = BruteForce.lines_in_file(wordlist_path)
login_url = login_url() login_url = login_url()
found = [] found = []
show_progression = options[:show_progression] || false
logins.each do |login| logins.each do |login|
queue_count = 0 queue_count = 0
@@ -41,7 +44,7 @@ module BruteForce
queue_count += 1 queue_count += 1
# create local vars for on_complete call back, Issue 51. # create local vars for on_complete call back, Issue 51.
username = login.name != 'empty' ? login.name : login.nickname # Issue #66 username = login.name != 'empty' ? login.name : login.nickname # Issue #66
password = password password = password
# the request object # the request object
@@ -61,23 +64,23 @@ module BruteForce
if response.body =~ /login_error/i if response.body =~ /login_error/i
puts "\nIncorrect username and/or password." if @verbose puts "\nIncorrect username and/or password." if @verbose
elsif response.code == 302 elsif response.code == 302
puts "\n " + green("[SUCCESS]") + " Username : #{username} Password : #{password}\n" puts "\n " + green("[SUCCESS]") + " Username : #{username} Password : #{password}\n" if show_progression
found << { :name => username, :password => password } found << { :name => username, :password => password }
password_found = true password_found = true
elsif response.timed_out? elsif response.timed_out?
puts red("ERROR:") + " Request timed out." puts red("ERROR:") + " Request timed out." if show_progression
elsif response.code == 0 elsif response.code == 0
puts red("ERROR:") + " No response from remote server. WAF/IPS?" puts red("ERROR:") + " No response from remote server. WAF/IPS?" if show_progression
# code is a fixnum, needs a string for regex # code is a fixnum, needs a string for regex
elsif response.code.to_s =~ /^50/ elsif response.code.to_s =~ /^50/
puts red("ERROR:") + " Server error, try reducing the number of threads." puts red("ERROR:") + " Server error, try reducing the number of threads." if show_progression
else else
puts "\n" + red("ERROR:") + " We recieved an unknown response for #{password}..." puts "\n" + red("ERROR:") + " We recieved an unknown response for #{password}..." if show_progression
if @verbose
puts red("Code: #{response.code.to_s}") # ugly method to get the coverage :/ (otherwise some output is present in the rspec)
puts red("Body: #{response.body}") puts red("Code: #{response.code.to_s}") if @verbose
puts puts red("Body: #{response.body}") if @verbose
end puts if @verbose
end end
end end
@@ -88,7 +91,7 @@ module BruteForce
hydra.queue(request) hydra.queue(request)
# progress indicator # progress indicator
print "\r Brute forcing user '#{username}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete." print "\r Brute forcing user '#{username}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete." if show_progression
# it can take a long time to queue 2 million requests, # it can take a long time to queue 2 million requests,
# for that reason, we queue @threads, send @threads, queue @threads and so on. # for that reason, we queue @threads, send @threads, queue @threads and so on.

16
spec/lib/wpscan/modules/brute_force_spec.rb
View File

@@ -25,7 +25,7 @@ shared_examples_for "BruteForce" do
@username = "admin" @username = "admin"
@module.extend(BruteForce) @module.extend(BruteForce)
@module.verbose = true #@module.verbose = true
Browser.instance.max_threads = 1 Browser.instance.max_threads = 1
end end
@@ -49,11 +49,13 @@ shared_examples_for "BruteForce" do
end end
# Last status must be 302 to get full code coverage # Last status must be 302 to get full code coverage
passwords.each do || passwords.each do ||
stub_request(:any, @module.login_url).to_return( { :status => 200, :body => "login_error" }, stub_request(:any, @module.login_url).to_return(
{ :status => 0, :body => "no reponse" }, { :status => 200, :body => "login_error" },
{ :status => 50, :body => "server error" }, { :status => 0, :body => "no reponse" },
{ :status => 999, :body => "invalid" }, { :status => 50, :body => "server error" },
{ :status => 302, :body => "FOUND!" }) { :status => 999, :body => "invalid" },
{ :status => 302, :body => "FOUND!" }
)
end end
user = WpUser.new("admin", 1, nil) user = WpUser.new("admin", 1, nil)
@@ -69,4 +71,4 @@ shared_examples_for "BruteForce" do
result.should == [] result.should == []
end end
end end
end end

2
wpscan.rb
View File

@@ -400,7 +400,7 @@ begin
puts puts
puts green("[+]") + " Starting the password brute forcer" puts green("[+]") + " Starting the password brute forcer"
puts puts
wp_target.brute_force(usernames, wpscan_options.wordlist) wp_target.brute_force(usernames, wpscan_options.wordlist, {:show_progression => true})
else else
puts puts
puts "Brute forcing aborted" puts "Brute forcing aborted"