From f65532e347f9bc3f67e7420f2387203a3e610e3d Mon Sep 17 00:00:00 2001 From: erwanlr Date: Thu, 16 Jul 2020 14:39:09 +0200 Subject: [PATCH] Uses an enumerator to read wordlist during pwd attack. Fixes #1518 --- app/controllers/password_attack.rb | 11 +---------- spec/app/controllers/password_attack_spec.rb | 6 +----- spec/app/finders/passwords/xml_rpc_spec.rb | 4 +++- spec/fixtures/finders/passwords.txt | 1 + wpscan.gemspec | 2 +- 5 files changed, 7 insertions(+), 17 deletions(-) create mode 100644 spec/fixtures/finders/passwords.txt diff --git a/app/controllers/password_attack.rb b/app/controllers/password_attack.rb index 6c544519..7a72644b 100644 --- a/app/controllers/password_attack.rb +++ b/app/controllers/password_attack.rb @@ -41,7 +41,7 @@ module WPScan msg: "Performing password attack on #{attacker.titleize} against #{users.size} user/s") end - attacker.attack(users, passwords(ParsedCli.passwords), attack_opts) do |user| + attacker.attack(users, ParsedCli.passwords, attack_opts) do |user| found << user attacker.progress_bar.log("[SUCCESS] - #{user.username} / #{user.password}") @@ -122,15 +122,6 @@ module WPScan acc << Model::User.new(elem.chomp) end end - - # @param [ String ] wordlist_path - # - # @return [ Array ] - def passwords(wordlist_path) - @passwords ||= File.open(wordlist_path).reduce([]) do |acc, elem| - acc << elem.chomp - end - end end end end diff --git a/spec/app/controllers/password_attack_spec.rb b/spec/app/controllers/password_attack_spec.rb index 60a73db2..59d1a552 100644 --- a/spec/app/controllers/password_attack_spec.rb +++ b/spec/app/controllers/password_attack_spec.rb @@ -21,7 +21,7 @@ describe WPScan::Controller::PasswordAttack do describe '#users' do context 'when no --usernames' do - it 'calles target.users' do + it 'calls target.users' do expect(controller.target).to receive(:users) controller.users end 
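Review bot: In app/controllers/password_attack.rb, `attacker.attack(users, ParsedCli.passwords, attack_opts)` now passes the wordlist path where the old call passed an array of passwords, and nothing at the call site says so. The new contract lives in cms_scanner, which the gemspec hunk bumps to `~> 0.12.0`, so a reader of this file cannot tell that the second argument changed type. I would add a comment above the call, `# ParsedCli.passwords is the wordlist path; the finder reads it through an enumerator, one line at a time`. The option parser is not visible in this diff, so it is worth confirming that it rejects a missing or unreadable file before the attack starts. The enclosing method begins and ends outside the hunk.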
@@ -40,10 +40,6 @@ describe WPScan::Controller::PasswordAttack do end end - describe '#passwords' do - xit - end - describe '#run' do context 'when no --passwords is supplied' do it 'does not run the attacker' do diff --git a/spec/app/finders/passwords/xml_rpc_spec.rb b/spec/app/finders/passwords/xml_rpc_spec.rb index c4ad84e1..a258b181 100644 --- a/spec/app/finders/passwords/xml_rpc_spec.rb +++ b/spec/app/finders/passwords/xml_rpc_spec.rb @@ -24,11 +24,13 @@ describe WPScan::Finders::Passwords::XMLRPC do ' describe '#attack' do + let(:wordlist_path) { FINDERS_FIXTURES.join('passwords.txt').to_s } + context 'when no valid credentials' do before do stub_request(:post, url).to_return(status: status, body: RESPONSE_403_BODY) - finder.attack(users, %w[pwd]) + finder.attack(users, wordlist_path) end let(:users) { %w[admin].map { |username| WPScan::Model::User.new(username) } } diff --git a/spec/fixtures/finders/passwords.txt b/spec/fixtures/finders/passwords.txt new file mode 100644 index 00000000..013c184c --- /dev/null +++ b/spec/fixtures/finders/passwords.txt @@ -0,0 +1 @@ +pwd \ No newline at end of file diff --git a/wpscan.gemspec b/wpscan.gemspec index bfc6dc25..550522b5 100644 --- a/wpscan.gemspec +++ b/wpscan.gemspec @@ -21,7 +21,7 @@ Gem::Specification.new do |s| s.executables = ['wpscan'] s.require_paths = ['lib'] - s.add_dependency 'cms_scanner', '~> 0.11.0' + s.add_dependency 'cms_scanner', '~> 0.12.0' s.add_development_dependency 'bundler', '>= 1.6' s.add_development_dependency 'memory_profiler', '~> 0.9.13'
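Review bot: In spec/app/finders/passwords/xml_rpc_spec.rb, `finder.attack(users, wordlist_path)` reads a fixture with a single entry and no trailing newline, so the spec never exercises the per-line handling that now replaces the removed `elem.chomp`. A wordlist with several entries, a trailing newline, a blank line or CRLF endings would pass through the enumerator untested. Whether the new reader strips line endings is decided in cms_scanner and cannot be seen here. I would give the fixture at least two entries ending in a newline and assert that the request carries `pwd` rather than `"pwd\n"`. The `describe '#attack'` block continues outside the hunk, so other contexts may still need the same path argument.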