Module: Msf::Exploit::Remote::HTTP::Wordpress
- Includes:
- Admin, Base, Helpers, Login, Posts, Register, URIs, Users, Version, XmlRpc, Msf::Exploit::Remote::HttpClient
- Defined in:
- lib/msf/core/exploit/remote/http/wordpress.rb
Overview
This module provides a way of interacting with wordpress installations
Defined Under Namespace
Modules: Admin, Base, Helpers, Login, Posts, Register, URIs, Users, Version, XmlRpc
Constant Summary
Constants included from Version
Version::WORDPRESS_VERSION_PATTERN
Instance Attribute Summary
Attributes included from Msf::Exploit::Remote::HttpClient
Instance Method Summary collapse
Methods included from XmlRpc
#wordpress_generate_xml_rpc_body, #wordpress_xmlrpc_enabled?
Methods included from Version
#check_plugin_version_from_readme, #check_theme_version_from_readme, #check_theme_version_from_style, #check_version_from_custom_file, #wordpress_version
Methods included from Users
#wordpress_user_exists?, #wordpress_userid_exists?
Methods included from URIs
#wordpress_url_admin_ajax, #wordpress_url_admin_plugin_editor, #wordpress_url_admin_post, #wordpress_url_admin_update, #wordpress_url_atom, #wordpress_url_author, #wordpress_url_backend, #wordpress_url_login, #wordpress_url_opml, #wordpress_url_plugins, #wordpress_url_post, #wordpress_url_rdf, #wordpress_url_readme, #wordpress_url_rest_api, #wordpress_url_rss, #wordpress_url_sitemap, #wordpress_url_themes, #wordpress_url_uploads, #wordpress_url_wp_content, #wordpress_url_xmlrpc
Methods included from Posts
#get_post_id_from_body, #wordpress_bruteforce_valid_post_id, #wordpress_bruteforce_valid_post_id_with_comments_enabled, #wordpress_get_all_blog_posts_via_feed, #wordpress_get_unauth_comment_cookies, #wordpress_post_comment_auth, #wordpress_post_comment_no_auth, #wordpress_post_comments_enabled?, #wordpress_post_id_comments_enabled?
Methods included from Register
Methods included from Login
Methods included from Base
Methods included from Admin
#generate_plugin, #wordpress_edit_plugin, #wordpress_upload_plugin
Methods included from Msf::Exploit::Remote::HttpClient
#basic_auth, #cleanup, #configure_http_login_scanner, #connect, #connect_ws, #deregister_http_client_options, #disconnect, #download, #full_uri, #handler, #http_fingerprint, #lookup_http_fingerprints, #normalize_uri, #path_from_uri, #peer, #proxies, #reconfig_redirect_opts!, #request_opts_from_url, #request_url, #rhost, #rport, #send_request_cgi, #send_request_cgi!, #send_request_raw, #service_details, #setup, #ssl, #ssl_version, #strip_tags, #target_uri, #validate_fingerprint, #vhost
Methods included from Auxiliary::LoginScanner
Methods included from Auxiliary::Report
#active_db?, #create_cracked_credential, #create_credential, #create_credential_and_login, #create_credential_login, #db, #db_warning_given?, #get_client, #get_host, #inside_workspace_boundary?, #invalidate_login, #mytask, #myworkspace, #myworkspace_id, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot
Methods included from Metasploit::Framework::Require
optionally, optionally_active_record_railtie, optionally_include_metasploit_credential_creation, #optionally_include_metasploit_credential_creation, optionally_require_metasploit_db_gem_engines
Instance Method Details
#initialize(info = {}) ⇒ Object
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
# File 'lib/msf/core/exploit/remote/http/wordpress.rb', line 21 def initialize(info = {}) super ( [ Msf::OptString.new('TARGETURI', [true, 'The base path to the wordpress application', '/']) ], Msf::Exploit::Remote::HTTP::Wordpress ) ( [ Msf::OptString.new('WPCONTENTDIR', [true, 'The name of the wp-content directory', 'wp-content']), Msf::OptBool.new('WPCHECK', [true, 'Check if the website is a valid WordPress install', true]), ], Msf::Exploit::Remote::HTTP::Wordpress ) end |
#wp_content_dir ⇒ Object
38 39 40 |
# File 'lib/msf/core/exploit/remote/http/wordpress.rb', line 38 def wp_content_dir datastore['WPCONTENTDIR'] end |