garfield/wpscan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
3590f5ed2ff3dd72b52ea8f16fb25fec5be3aa09
wpscan/doc/BruteForce.html
Christian Mehlmauer 29280dc0ab bugfixing and more rspec tests
2012-09-21 22:10:33 +02:00

379 lines
18 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type" />
<title>Module: BruteForce</title>
<link rel="stylesheet" href="./rdoc.css" type="text/css" media="screen" />
<script src="./js/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/thickbox-compressed.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/quicksearch.js" type="text/javascript" charset="utf-8"></script>
<script src="./js/darkfish.js" type="text/javascript" charset="utf-8"></script>
</head>
<body id="top" class="module">
<div id="metadata">
<div id="home-metadata">
<div id="home-section" class="section">
<h3 class="section-header">
<a href="./index.html">Home</a>
<a href="./index.html#classes">Classes</a>
<a href="./index.html#methods">Methods</a>
</h3>
</div>
</div>
<div id="file-metadata">
<div id="file-list-section" class="section">
<h3 class="section-header">In Files</h3>
<div class="section-body">
<ul>
<li><a href="./lib/wpscan/modules/brute_force_rb.html?TB_iframe=true&amp;height=550&amp;width=785"
class="thickbox" title="lib/wpscan/modules/brute_force.rb">lib/wpscan/modules/brute_force.rb</a></li>
</ul>
</div>
</div>
</div>
<div id="class-metadata">
<!-- Method Quickref -->
<div id="method-list-section" class="section">
<h3 class="section-header">Methods</h3>
<ul class="link-list">
<li><a href="#method-c-lines_in_file">::lines_in_file</a></li>
<li><a href="#method-i-brute_force">#brute_force</a></li>
</ul>
</div>
</div>
<div id="project-metadata">
<div id="fileindex-section" class="section project-section">
<h3 class="section-header">Files</h3>
<ul>
<li class="file"><a href="./CREDITS.html">CREDITS</a></li>
<li class="file"><a href="./README.html">README</a></li>
</ul>
</div>
<div id="classindex-section" class="section project-section">
<h3 class="section-header">Class/Module Index
<span class="search-toggle"><img src="./images/find.png"
height="16" width="16" alt="[+]"
title="show/hide quicksearch" /></span></h3>
<form action="#" method="get" accept-charset="utf-8" class="initially-hidden">
<fieldset>
<legend>Quicksearch</legend>
<input type="text" name="quicksearch" value=""
class="quicksearch-field" />
</fieldset>
</form>
<ul class="link-list">
<li><a href="./Array.html">Array</a></li>
<li><a href="./Browser.html">Browser</a></li>
<li><a href="./BruteForce.html">BruteForce</a></li>
<li><a href="./CacheFileStore.html">CacheFileStore</a></li>
<li><a href="./Exploit.html">Exploit</a></li>
<li><a href="./Generate_List.html">Generate_List</a></li>
<li><a href="./GitUpdater.html">GitUpdater</a></li>
<li><a href="./Malwares.html">Malwares</a></li>
<li><a href="./Object.html">Object</a></li>
<li><a href="./RpcClient.html">RpcClient</a></li>
<li><a href="./SvnUpdater.html">SvnUpdater</a></li>
<li><a href="./Svn_Parser.html">Svn_Parser</a></li>
<li><a href="./Updater.html">Updater</a></li>
<li><a href="./UpdaterFactory.html">UpdaterFactory</a></li>
<li><a href="./Vulnerable.html">Vulnerable</a></li>
<li><a href="./WebSite.html">WebSite</a></li>
<li><a href="./WpConfigBackup.html">WpConfigBackup</a></li>
<li><a href="./WpDetector.html">WpDetector</a></li>
<li><a href="./WpEnumerator.html">WpEnumerator</a></li>
<li><a href="./WpFullPathDisclosure.html">WpFullPathDisclosure</a></li>
<li><a href="./WpItem.html">WpItem</a></li>
<li><a href="./WpLoginProtection.html">WpLoginProtection</a></li>
<li><a href="./WpOptions.html">WpOptions</a></li>
<li><a href="./WpPlugin.html">WpPlugin</a></li>
<li><a href="./WpPlugins.html">WpPlugins</a></li>
<li><a href="./WpReadme.html">WpReadme</a></li>
<li><a href="./WpTarget.html">WpTarget</a></li>
<li><a href="./WpTheme.html">WpTheme</a></li>
<li><a href="./WpThemes.html">WpThemes</a></li>
<li><a href="./WpTimthumbs.html">WpTimthumbs</a></li>
<li><a href="./WpUser.html">WpUser</a></li>
<li><a href="./WpUsernames.html">WpUsernames</a></li>
<li><a href="./WpVersion.html">WpVersion</a></li>
<li><a href="./WpVulnerability.html">WpVulnerability</a></li>
<li><a href="./WpscanOptions.html">WpscanOptions</a></li>
</ul>
<div id="no-class-search-results" style="display: none;">No matching classes.</div>
</div>
</div>
</div>
<div id="documentation">
<h1 class="module">BruteForce</h1>
<div id="description" class="description">
</div><!-- description -->
<div id="5Buntitled-5D" class="documentation-section">
<!-- Methods -->
<div id="public-class-method-details" class="method-section section">
<h3 class="section-header">Public Class Methods</h3>
<div id="lines_in_file-method" class="method-detail ">
<a name="method-c-lines_in_file"></a>
<div class="method-heading">
<span class="method-name">lines_in_file</span><span
class="method-args">(file_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>Counts the number of lines in the wordlist It can take a couple of minutes
on large wordlists, although bareable.</p>
<div class="method-source-code" id="lines_in_file-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 114</span>
<span class="ruby-keyword">def</span> <span class="ruby-keyword">self</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">file_path</span>)
<span class="ruby-identifier">lines</span> = <span class="ruby-value">0</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">file_path</span>, <span class="ruby-string">'r'</span>).<span class="ruby-identifier">each</span> { <span class="ruby-operator">||</span> <span class="ruby-identifier">lines</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span> }
<span class="ruby-identifier">lines</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- lines_in_file-source -->
</div>
</div><!-- lines_in_file-method -->
</div><!-- public-class-method-details -->
<div id="public-instance-method-details" class="method-section section">
<h3 class="section-header">Public Instance Methods</h3>
<div id="brute_force-method" class="method-detail ">
<a name="method-i-brute_force"></a>
<div class="method-heading">
<span class="method-name">brute_force</span><span
class="method-args">(logins, wordlist_path)</span>
<span class="method-click-advice">click to toggle source</span>
</div>
<div class="method-description">
<p>param array of string logins param string wordlist_path</p>
<div class="method-source-code" id="brute_force-source">
<pre>
<span class="ruby-comment"># File lib/wpscan/modules/brute_force.rb, line 23</span>
<span class="ruby-keyword">def</span> <span class="ruby-identifier">brute_force</span>(<span class="ruby-identifier">logins</span>, <span class="ruby-identifier">wordlist_path</span>)
<span class="ruby-identifier">hydra</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">hydra</span>
<span class="ruby-identifier">number_of_passwords</span> = <span class="ruby-constant">BruteForce</span>.<span class="ruby-identifier">lines_in_file</span>(<span class="ruby-identifier">wordlist_path</span>)
<span class="ruby-identifier">login_url</span> = <span class="ruby-identifier">login_url</span>()
<span class="ruby-identifier">found</span> = []
<span class="ruby-identifier">logins</span>.<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">login</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">request_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">false</span>
<span class="ruby-constant">File</span>.<span class="ruby-identifier">open</span>(<span class="ruby-identifier">wordlist_path</span>, <span class="ruby-string">&quot;r&quot;</span>).<span class="ruby-identifier">each</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">password</span><span class="ruby-operator">|</span>
<span class="ruby-comment"># ignore file comments, but will miss passwords if they start with a hash...</span>
<span class="ruby-keyword">next</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password</span>[<span class="ruby-value">0</span>,<span class="ruby-value">1</span>] <span class="ruby-operator">==</span> <span class="ruby-node">&quot;#&quot;</span>
<span class="ruby-comment"># keep a count of the amount of requests to be sent</span>
<span class="ruby-identifier">request_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-identifier">queue_count</span> <span class="ruby-operator">+=</span> <span class="ruby-value">1</span>
<span class="ruby-comment"># create local vars for on_complete call back, Issue 51.</span>
<span class="ruby-identifier">username</span> = <span class="ruby-identifier">login</span>.<span class="ruby-identifier">name</span>
<span class="ruby-identifier">password</span> = <span class="ruby-identifier">password</span>
<span class="ruby-comment"># the request object</span>
<span class="ruby-identifier">request</span> = <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">forge_request</span>(<span class="ruby-identifier">login_url</span>,
{
<span class="ruby-value">:method</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">:post</span>,
<span class="ruby-value">:params</span> =<span class="ruby-operator">&gt;</span> {<span class="ruby-value">:log</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:pwd</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">password</span>},
<span class="ruby-value">:cache_timeout</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-value">0</span>
}
)
<span class="ruby-comment"># tell hydra what to do when the request completes</span>
<span class="ruby-identifier">request</span>.<span class="ruby-identifier">on_complete</span> <span class="ruby-keyword">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">response</span><span class="ruby-operator">|</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;\n Trying Username : #{username} Password : #{password}&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">body</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/login_error/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;\nIncorrect username and/or password.&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">302</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;\n [SUCCESS] Username : #{username} Password : #{password}\n&quot;</span>
<span class="ruby-identifier">found</span> <span class="ruby-operator">&lt;&lt;</span> { <span class="ruby-value">:name</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">username</span>, <span class="ruby-value">:password</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">password</span> }
<span class="ruby-identifier">password_found</span> = <span class="ruby-keyword">true</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">timed_out?</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;ERROR: Request timed out.&quot;</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span> <span class="ruby-operator">==</span> <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;ERROR: No response from remote server. WAF/IPS?&quot;</span>
<span class="ruby-comment"># code is a fixnum, needs a string for regex</span>
<span class="ruby-keyword">elsif</span> <span class="ruby-identifier">response</span>.<span class="ruby-identifier">code</span>.<span class="ruby-identifier">to_s</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp">/^50/</span>
<span class="ruby-identifier">puts</span> <span class="ruby-string">&quot;ERROR: Server error, try reducing the number of threads.&quot;</span>
<span class="ruby-keyword">else</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;\nERROR: We recieved an unknown response for #{password}...&quot;</span>
<span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Code: #{response.code.to_s}&quot;</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Body: #{response.body}&quot;</span>
<span class="ruby-identifier">puts</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># move onto the next username if we have found a valid password</span>
<span class="ruby-keyword">break</span> <span class="ruby-keyword">if</span> <span class="ruby-identifier">password_found</span>
<span class="ruby-comment"># queue the request to be sent later</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">queue</span>(<span class="ruby-identifier">request</span>)
<span class="ruby-comment"># progress indicator</span>
<span class="ruby-identifier">print</span> <span class="ruby-node">&quot;\r Brute forcing user '#{username}' with #{number_of_passwords} passwords... #{(request_count * 100) / number_of_passwords}% complete.&quot;</span>
<span class="ruby-comment"># it can take a long time to queue 2 million requests,</span>
<span class="ruby-comment"># for that reason, we queue @threads, send @threads, queue @threads and so on.</span>
<span class="ruby-comment"># hydra.run only returns when it has recieved all of its,</span>
<span class="ruby-comment"># responses. This means that while we are waiting for @threads,</span>
<span class="ruby-comment"># responses, we are waiting...</span>
<span class="ruby-keyword">if</span> <span class="ruby-identifier">queue_count</span> <span class="ruby-operator">&gt;=</span> <span class="ruby-constant">Browser</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">max_threads</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-identifier">queue_count</span> = <span class="ruby-value">0</span>
<span class="ruby-identifier">puts</span> <span class="ruby-node">&quot;Sent #{Browser.instance.max_threads} requests ...&quot;</span> <span class="ruby-keyword">if</span> <span class="ruby-ivar">@verbose</span>
<span class="ruby-keyword">end</span>
<span class="ruby-keyword">end</span>
<span class="ruby-comment"># run all of the remaining requests</span>
<span class="ruby-identifier">hydra</span>.<span class="ruby-identifier">run</span>
<span class="ruby-keyword">end</span>
<span class="ruby-identifier">found</span>
<span class="ruby-keyword">end</span></pre>
</div><!-- brute_force-source -->
</div>
</div><!-- brute_force-method -->
</div><!-- public-instance-method-details -->
</div><!-- 5Buntitled-5D -->
</div><!-- documentation -->
<div id="validator-badges">
<p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
<p><small>Generated with the <a href="http://deveiate.org/projects/Darkfish-Rdoc/">Darkfish
Rdoc Generator</a> 2</small>.</p>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink