Module: Msf::Exploit::Remote::HTTP::Wordpress::Login

Included in:
Msf::Exploit::Remote::HTTP::Wordpress
Defined in:
lib/msf/core/exploit/remote/http/wordpress/login.rb

Instance Method Summary collapse

Instance Method Details

#wordpress_login(user, pass, timeout = 20) ⇒ String?

performs a wordpress login

Parameters:

  • user (String)

    Username

  • pass (String)

    Password

  • timeout (Integer) (defaults to: 20)

    The maximum number of seconds to wait before the request times out

Returns:

  • (String, nil)

    the session cookies as a single string on successful login, nil otherwise



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# File 'lib/msf/core/exploit/remote/http/wordpress/login.rb', line 10

def (user, pass, timeout = 20)
  redirect = "#{target_uri}#{Rex::Text.rand_text_alpha(8)}"
  res = send_request_cgi({
      'method' => 'POST',
      'uri' => ,
      'vars_post' => (user, pass, redirect)
  }, timeout)
  if res && res.redirect? && res.redirection && res.redirection.to_s == redirect
    cookies = res.get_cookies
    # Check if a valid wordpress cookie is returned
    return cookies if
      # current Wordpress
      cookies =~ /wordpress(?:_sec)?_logged_in_[^=]+=[^;]+;/i ||
      # Wordpress 2.0
      cookies =~ /wordpress(?:user|pass)_[^=]+=[^;]+;/i ||
      # Wordpress 2.5
      cookies =~ /wordpress_[a-z0-9]+=[^;]+;/i
  end

  nil
end