garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rspecs

Browse Source
This commit is contained in:
Christian Mehlmauer
2013-06-09 15:57:41 +02:00
parent 1bcabbad4c
commit c63beaa35d
2 changed files with 24 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/common/models/wp_user/brute_forcable.rb
View File

@@ -17,9 +17,10 @@ class WpUser < WpItem
# @param [ Hash ] options # @param [ Hash ] options
# @option options [ Boolean ] :verbose # @option options [ Boolean ] :verbose
# @option options [ Boolean ] :show_progression # @option options [ Boolean ] :show_progression
# @param [ String ] redirect_url Override for redirect_url
# #
# @return [ void ] # @return [ void ]
def brute_force(wordlist, options = {}) def brute_force(wordlist, options = {}, redirect_url = nil)
browser = Browser.instance browser = Browser.instance
hydra = browser.hydra hydra = browser.hydra
passwords = BruteForcable.passwords_from_wordlist(wordlist) passwords = BruteForcable.passwords_from_wordlist(wordlist)
@@ -30,8 +31,10 @@ class WpUser < WpItem
passwords.each do |password| passwords.each do |password|
# A successfull login will redirect us to the redirect_to parameter # A successfull login will redirect us to the redirect_to parameter
# Generate a radom one on each request # Generate a radom one on each request
unless redirect_url
random = (0...8).map { 65.+(rand(26)).chr }.join random = (0...8).map { 65.+(rand(26)).chr }.join
redirect_url = "#{@uri}#{random}/" redirect_url = "#{@uri}#{random}/"
end
request = login_request(password, redirect_url) request = login_request(password, redirect_url)
@@ -98,7 +101,7 @@ class WpUser < WpItem
# #
# @return [ Boolean ] # @return [ Boolean ]
def valid_password?(response, password, redirect_url, options = {}) def valid_password?(response, password, redirect_url, options = {})
if response.code == 302 && response.headers_hash['Location'] == redirect_url if response.code == 302 && response.headers_hash && response.headers_hash['Location'] == redirect_url
progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n" progression = "#{green('[SUCCESS]')} Login : #{login} Password : #{password}\n\n"
valid = true valid = true
elsif response.body =~ /login_error/i elsif response.body =~ /login_error/i

20
spec/shared_examples/wp_user/brute_forcable.rb
View File

@@ -58,19 +58,28 @@ shared_examples 'WpUser::BruteForcable' do
describe '#valid_password?' do describe '#valid_password?' do
let(:response) { Typhoeus::Response.new(resp_options) } let(:response) { Typhoeus::Response.new(resp_options) }
let(:resp_options) { {} } let(:resp_options) { {} }
let(:return_to) { 'http://www.example.com/asdf/' }
after do after do
wp_user.valid_password?(response, 'password').should == @expected wp_user.valid_password?(response, 'password', return_to).should == @expected
end end
context 'when 302' do context 'when 302 and valid return_to parameter' do
let(:resp_options) { { code: 302 } } let(:resp_options) { { code: 302, headers: { 'Location' => return_to } } }
it 'returns true' do it 'returns true' do
@expected = true @expected = true
end end
end end
context 'when 302 and invalid return_to parameter' do
let(:resp_options) { { code: 302, headers: { 'Location' => nil } } }
it 'returns false' do
@expected = false
end
end
context 'when login_error' do context 'when login_error' do
let(:resp_options) { { body: '<div id="login_error">' } } let(:resp_options) { { body: '<div id="login_error">' } }
@@ -120,10 +129,11 @@ shared_examples 'WpUser::BruteForcable' do
describe '#brute_force' do describe '#brute_force' do
let(:passwords) { %w{pass1 pass2 yolo kansei£Ô} } let(:passwords) { %w{pass1 pass2 yolo kansei£Ô} }
let(:login) { 'someuser' } let(:login) { 'someuser' }
let(:redirect_url) { 'http://www.example.com/asdf/' }
after do after do
wp_user.login = login wp_user.login = login
wp_user.brute_force(passwords) wp_user.brute_force(passwords, {}, redirect_url)
wp_user.password.should == @expected wp_user.password.should == @expected
end end
@@ -143,7 +153,7 @@ shared_examples 'WpUser::BruteForcable' do
# Due to the error with .with(body: { log: login }) above # Due to the error with .with(body: { log: login }) above
# We can't use it to stub the request for a specific password # We can't use it to stub the request for a specific password
# So, the first one will be valid # So, the first one will be valid
before { stub_request(:post, wp_user.login_url).to_return(status: 302) } before { stub_request(:post, wp_user.login_url).to_return(status: 302, headers: { 'Location' => redirect_url } ) }
it 'sets the @password' do it 'sets the @password' do
@expected = passwords[0] @expected = passwords[0]