Module: Wpxf::WordPress::FileDownload

Includes:

Wpxf, Db::Loot, Helpers::Export

Defined in:

lib/wpxf/wordpress/file_download.rb

Overview

Provides reusable functionality for file download modules.

Instance Attribute Summary

• #downloaded_filename ⇒ String readonly

  Returns the path the file was downloaded to.

Instance Method Summary

• #before_download ⇒ Boolean

  A task to run before the download starts.

• #default_remote_file_path ⇒ String

  The default remote file path.

• #download_request_body ⇒ Hash, String

  The body to be used when requesting the download file.

• #download_request_method ⇒ Symbol

  The HTTP method to use when requesting the download file.

• #download_request_params ⇒ Hash

  The params to be used when requesting the download file.

• #downloader_url ⇒ String

  The URL of the vulnerable file used to download remote files.

• #expected_http_code ⇒ Integer

  The expected HTTP code for a successful download.

• #file_category ⇒ String

  The type of file downloaded by the module.

• #file_extension ⇒ String

  The file extension to use when downloading the file.

• #handle_unexpected_http_code(code) ⇒ Boolean

  Handles an occurrence of an unexpected result.

• #initialize ⇒ Object

  Initialize a new instance of FileDownload.

• #loot_description ⇒ String^?

  A custom description to use when storing the loot item.

• #register_remote_file_option? ⇒ Boolean
• #remote_file ⇒ String

  The path to the remote file.

• #run ⇒ Boolean

  Run the module.

• #validate_content(content) ⇒ Boolean

  Validate the contents of the requested file.

• #working_directory ⇒ String

  The working directory of the vulnerable file.

Methods included from Helpers::Export

#export_and_log_loot, #export_path, #generate_unique_filename, #register_export_path_option

Methods included from Db::Loot

#store_loot

Instance Attribute Details

#downloaded_filename ⇒ String (readonly)

Returns the path the file was downloaded to.

Returns:

• (String) —

  returns the path the file was downloaded to.

# File 'lib/wpxf/wordpress/file_download.rb', line 128

def downloaded_filename
  @downloaded_filename
end

Instance Method Details

#before_download ⇒ Boolean

A task to run before the download starts.

Returns:

• (Boolean) —

  true if pre-download operations were successful.

# File 'lib/wpxf/wordpress/file_download.rb', line 76

def before_download
  true
end

#default_remote_file_path ⇒ String

Returns the default remote file path.

Returns:

• (String) —

  the default remote file path.

# File 'lib/wpxf/wordpress/file_download.rb', line 46

def default_remote_file_path; end

#download_request_body ⇒ Hash, String

Returns the body to be used when requesting the download file.

Returns:

• (Hash, String) —

  the body to be used when requesting the download file.

# File 'lib/wpxf/wordpress/file_download.rb', line 55

def download_request_body; end

#download_request_method ⇒ Symbol

Returns the HTTP method to use when requesting the download file.

Returns:

• (Symbol) —

  the HTTP method to use when requesting the download file.

# File 'lib/wpxf/wordpress/file_download.rb', line 58

def download_request_method
  :get
end

#download_request_params ⇒ Hash

Returns the params to be used when requesting the download file.

Returns:

• (Hash) —

  the params to be used when requesting the download file.

# File 'lib/wpxf/wordpress/file_download.rb', line 52

def download_request_params; end

#downloader_url ⇒ String

Returns the URL of the vulnerable file used to download remote files.

Returns:

• (String) —

  the URL of the vulnerable file used to download remote files.

# File 'lib/wpxf/wordpress/file_download.rb', line 49

def downloader_url; end

#expected_http_code ⇒ Integer

Returns the expected HTTP code for a successful download.

Returns:

• (Integer) —

  the expected HTTP code for a successful download.

# File 'lib/wpxf/wordpress/file_download.rb', line 86

def expected_http_code
  200
end

#file_category ⇒ String

Returns the type of file downloaded by the module.

Returns:

• (String) —

  the type of file downloaded by the module.

# File 'lib/wpxf/wordpress/file_download.rb', line 99

def file_category
  'unknown'
end

#file_extension ⇒ String

Returns the file extension to use when downloading the file.

Returns:

• (String) —

  the file extension to use when downloading the file.

# File 'lib/wpxf/wordpress/file_download.rb', line 81

def file_extension
  ''
end

#handle_unexpected_http_code(code) ⇒ Boolean

Handles an occurrence of an unexpected result.

Parameters:

• code (Integer) —

  the returned HTTP code.

Returns:

• (Boolean) —

  true if the code should be ignored, false if the module should fail.

# File 'lib/wpxf/wordpress/file_download.rb', line 93

def handle_unexpected_http_code(code)
  emit_error "Server responded with code #{code}"
  false
end

#initialize ⇒ Object

Initialize a new instance of Wpxf::WordPress::FileDownload

# File 'lib/wpxf/wordpress/file_download.rb', line 13

def initialize
  super
  return unless register_remote_file_option?

  _update_info_without_validation(
    desc: %(
      This module exploits a vulnerability which allows you to
      download any arbitrary file (relative to #{working_directory})
      accessible by the user the web server is running as.
    )
  )

  register_option(
    StringOption.new(
      name: 'remote_file',
      desc: 'The path to the remote file',
      required: true,
      default: default_remote_file_path
    )
  )
end

#loot_description ⇒ String^?

Returns a custom description to use when storing the loot item.

Returns:

• (String, nil) —

  a custom description to use when storing the loot item.

# File 'lib/wpxf/wordpress/file_download.rb', line 40

def loot_description; end

#register_remote_file_option? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/wpxf/wordpress/file_download.rb', line 35

def register_remote_file_option?
  true
end

#remote_file ⇒ String

Returns the path to the remote file.

Returns:

• (String) —

  the path to the remote file.

# File 'lib/wpxf/wordpress/file_download.rb', line 63

def remote_file
  normalized_option_value('remote_file')
end

#run ⇒ Boolean

Run the module.

Returns:

• (Boolean) —

  true if successful.

# File 'lib/wpxf/wordpress/file_download.rb', line 105

def run
  _validate_implementation

  return false unless super
  return false unless before_download

  @downloaded_filename = generate_unique_filename(file_extension)
  emit_info 'Downloading file...'
  res = download_file(_build_request_opts(@downloaded_filename))

  return false unless _validate_result(res)
  unless validate_content(res.body)
    FileUtils.rm @downloaded_filename, force: true
    return false
  end

  emit_success "Downloaded file to #{@downloaded_filename}"
  _store_file_as_loot

  true
end

#validate_content(content) ⇒ Boolean

Validate the contents of the requested file.

Parameters:

• content (String) —

  the file contents.

Returns:

• (Boolean) —

  true if valid.

# File 'lib/wpxf/wordpress/file_download.rb', line 70

def validate_content(content)
  true
end

#working_directory ⇒ String

Returns the working directory of the vulnerable file.

Returns:

• (String) —

  the working directory of the vulnerable file.

# File 'lib/wpxf/wordpress/file_download.rb', line 43

def working_directory; end