Class: WPScan::Finders::Users::LoginErrorMessages

Inherits:

CMSScanner::Finders::Finder

Object
CMSScanner::Finders::Finder
WPScan::Finders::Users::LoginErrorMessages

Defined in:: app/finders/users/login_error_messages.rb

Overview

Existing username:

WP < 3.1 - Incorrect password.
WP >= 3.1 - The password you entered for the username admin is incorrect.

Non existent username: Invalid username.

Instance Method Summary collapse

#aggressive(opts = {}) ⇒ Array<User>
#usernames(opts = {}) ⇒ Array<String>

List of usernames to check.

Instance Method Details

#aggressive(opts = {}) ⇒ `Array<User>`

Parameters:

opts (Hash) (defaults to: {})

Options Hash (opts):

:list (String)

Returns:

(Array<User>)

# File 'app/finders/users/login_error_messages.rb', line 18

def aggressive(opts = {})
  found = []

  usernames(opts).each do |username|
    res   = target.do_login(username, SecureRandom.hex[0, 8])
    error = res.html.css('div#login_error').text.strip

    return found if error.empty? # Protection plugin / error disabled

    next unless /The password you entered for the username|Incorrect Password/i.match?(error)

    found << Model::User.new(username, found_by: found_by, confidence: 100)
  end

  found
end

#usernames(opts = {}) ⇒ `Array<String>`

Returns List of usernames to check.

Returns:

(Array<String>) —

List of usernames to check

# File 'app/finders/users/login_error_messages.rb', line 36

def usernames(opts = {})
  # usernames from the potential Users found
  unames = opts[:found].map(&:username)

  [*opts[:list]].each { |uname| unames << uname.chomp }

  unames.uniq
end

Class: WPScan::Finders::Users::LoginErrorMessages

Overview

Instance Method Summary collapse

Instance Method Details

#aggressive(opts = {}) ⇒ Array<User>

#usernames(opts = {}) ⇒ Array<String>

#aggressive(opts = {}) ⇒ `Array<User>`

#usernames(opts = {}) ⇒ `Array<String>`