Class: WPScan::Finders::Passwords::XMLRPC

Inherits:
Finder
  • Object
Includes:
Finder::BreadthFirstDictionaryAttack
Defined in:
app/finders/passwords/xml_rpc.rb

Overview

Password attack against the XMLRPC interface

Constant Summary

Constants inherited from Finder

Finder::DIRECT_ACCESS

Instance Attribute Summary

Attributes inherited from Finder

#progress_bar, #target

Instance Method Summary

Methods included from Finder::BreadthFirstDictionaryAttack

#attack, #create_login_config

Methods inherited from Finder

#aggressive, #browser, #create_progress_bar, #found_by, #hydra, #initialize, #passive, #titleize

Constructor Details

This class inherits a constructor from WPScan::Finders::Finder

Instance Method Details

#errored_response?(response) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/finders/passwords/xml_rpc.rb', line 18

def errored_response?(response)
  response.code != 200 && response.body !~ /Incorrect username or password/i
end

#login_request(username, password) ⇒ Object



# File 'app/finders/passwords/xml_rpc.rb', line 10

# Sends one wp.getUsersBlogs XML-RPC call with the candidate credentials.
def login_request(username, password)
  target.method_call('wp.getUsersBlogs', [username, password], cache_ttl: 0)
end

#valid_credentials?(response) ⇒ Boolean

Returns:

  • (Boolean)


# File 'app/finders/passwords/xml_rpc.rb', line 14

def valid_credentials?(response)
  response.code == 200 && response.body.include?('blogName')
end
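
Detection counterpart to the methods above, as an added example that is not part of WPScan: it labels captured XML-RPC exchanges with the same markers the finder checks (`wp.getUsersBlogs`, `Incorrect username or password`, `blogName`) and counts failures per source address. Counting per source rather than per account assumes, as the name of the included `BreadthFirstDictionaryAttack` module suggests, that attempts are spread across usernames; the event fields, helper names and sample data are constructed for illustration.

```ruby
# Added detection sketch; not WPScan code. Event fields (:src, :request, :code,
# :response) and all sample data below are constructed for illustration.
CALL_RE   = %r{<methodName>\s*wp\.getUsersBlogs\s*</methodName>}
STRING_RE = %r{<string>(.*?)</string>}m
FAIL_RE   = /Incorrect username or password/i

# Label one captured XML-RPC exchange with the markers the finder itself checks.
def classify(event)
  return nil unless event[:request].match?(CALL_RE)
  outcome = if event[:code] == 200 && event[:response].include?('blogName') then :success
            elsif event[:response].match?(FAIL_RE) then :failure
            else :other
            end
  { src: event[:src], user: event[:request][STRING_RE, 1], outcome: outcome }
end

# Count failures per source address rather than per account, so attempts spread
# thinly across many usernames still add up.
def suspicious_sources(events, min_failures: 4)
  stats = Hash.new { |h, k| h[k] = { failures: 0, users: [], success_after_failure: [] } }
  events.each do |event|
    c = classify(event)
    next unless c
    s = stats[c[:src]]
    if c[:outcome] == :failure
      s[:failures] += 1
      s[:users] |= [c[:user]]
    elsif c[:outcome] == :success && s[:failures].positive?
      s[:success_after_failure] << c[:user]
    end
  end
  stats.select { |_src, s| s[:failures] >= min_failures }
end

# Build one constructed exchange; the password is deliberately a placeholder.
def sample_event(src, user, ok)
  request = '<methodCall><methodName>wp.getUsersBlogs</methodName><params>' \
            "<param><value><string>#{user}</string></value></param>" \
            '<param><value><string>REDACTED</string></value></param></params></methodCall>'
  response = ok ? '<member><name>blogName</name></member>' : '<string>Incorrect username or password.</string>'
  { src: src, request: request, code: 200, response: response }
end

SAMPLE_EVENTS = [
  ['203.0.113.7', 'admin', false], ['203.0.113.7', 'editor', false],
  ['203.0.113.7', 'admin', false], ['203.0.113.7', 'editor', false],
  ['203.0.113.7', 'editor', true], ['198.51.100.20', 'alice', false],
  ['198.51.100.20', 'alice', true]
].map { |src, user, ok| sample_event(src, user, ok) }
```

A non-empty `:success_after_failure` list for a flagged source names accounts whose credentials should be treated as exposed.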