Class: WPScan::Finders::Users::LoginErrorMessages

Inherits:

CMSScanner::Finders::Finder

• Object
• CMSScanner::Finders::Finder
• WPScan::Finders::Users::LoginErrorMessages

Defined in:

app/finders/users/login_error_messages.rb

Overview

Login Error Messages

Existing username:

WP < 3.1 - Incorrect password.
WP >= 3.1 - The password you entered for the username admin is incorrect.

Non existent username: Invalid username.

Instance Method Summary

• #aggressive(opts = {}) ⇒ Array<User>
• #usernames(opts = {}) ⇒ Array<String>

  List of usernames to check.

Instance Method Details

#aggressive(opts = {}) ⇒ Array<User>

Parameters:

• opts (Hash) (defaults to: {})

Options Hash (opts):

• :list (String)

Returns:

• (Array<User>)

# File 'app/finders/users/login_error_messages.rb', line 16

def aggressive(opts = {})
  found = []

  usernames(opts).each do |username|
    res = target.do_login(username, SecureRandom.hex[0, 8])

    return found unless res.code == 200

    error = res.html.css('div#login_error').text.strip

    return found if error.empty? # Protection plugin / error disabled

    next unless error =~ /The password you entered for the username|Incorrect Password/i

    found << WPScan::User.new(username, found_by: found_by, confidence: 100)
  end

  found
end

#usernames(opts = {}) ⇒ Array<String>

Returns List of usernames to check.

Returns:

• (Array<String>) —

  List of usernames to check

# File 'app/finders/users/login_error_messages.rb', line 37

def usernames(opts = {})
  # usernames from the potential Users found
  unames = opts[:found].map(&:username)

  if opts[:list]
    File.open(opts[:list]).each { |uname| unames << uname.chomp }
  end

  unames.uniq
end