In the previous article we built the check method and all went well; now the last bit is build the exploit method and clean up.
Moving right into the code, I will explain the important parts that may be relatively new ;
- Line 52 helps us generate the payload
- Line 53 helps us give our payload a file name that will be important when uploading the shell
- Line 54 references metasploit’s message method. This helps us build the body of our POST request.
- Line 56 adds the content of our payload
- Line 57 includes the content type
- Line 59 tells metasploit the form field to send the request as in this case we will be populating a parameter called file
- Line 55 & 60 contain the beginning and end of the add_part instance method which holds request parameters.
- Line 62-65 send the post request to upload the file
- Line 66-69 is some error handling ; if the request fails totally then tell the user if not then proceed.
- Line 70 reads the message from the upload to get the URL of the shell; this bit is important because the file is renamed on upload
- Line 71 ; ruby doesn’t explicitly have a string replace method to the best of my knowledge but you can load a string and kill a part of it in a substring in this case we delete the bad part of the URL to remain only with the shell name.
- Line 72 build the correct URL to the shell; notice we added .strip to the alst variable this is to remove trailing and leading white spaces.
- Line 74 makes a GET request to the shell while Line 75 starts the meterpreter handler; – This automates the manual method of generating a payload with msfvenom ; starting a exploit/multi/handler and listening for requests from the payload once its uploaded and manually accessed once.
- Line 76 tell us about the problem if we can’t find the shell.
I iterated this process for all other 4 plugins affected by the same issue.
As mentioned alot of discipline is needed on metasploit exploits; therefore lets clean up the code to befit metasploit. Some things to note :
- Use spaces not tabs
- Disclosure date needs to conform to the format in the example i.e. short month day year
- Don’t use <=> et al in your title ; you can use it in all other places where need be just not the title
- File shouldn’t be executable ; if it is you can change permissions to 664 or 644
Once the housekeeping above is done it would be good to use rubocop. To use it to clean up your code you can simply get a report of issues by :
- Navigating to the folder where the metasploit code is
- typing rubocop
- Manually fix issues
For the lazier type like myself ; rubocop has autocorrect capabilities so you would run ; rubocop -a
Now one issue to note though is it changed some aspects that would cause a bug ; in this particular instance as seen below so i changed the number back to 200 and we were goood.
After it is done ; go through the code. to be sure i repeat.
Check your code….. again!!
Lastly we will copy our code to the required metasploit folder and check it for any bugs; using metasploit’s own msftidy.
Lastly launch metasploit , if already launched run the command reload_all then test your exploit and voila; we are done.
The modules used in prepping this tutorial can be found on github.