In the previous article we covered the initialize method. So moving on to the juice stuff the check and exploit methods.
Enter Check Method
The check method is simple. we have already declared all we need to use so now lets put everything into good use.
Similar to our previous python based exploit ; we check whether the vulnerable script exists and simply return a vulnerable or not vulnerable state. Only difference is that this time we will only check and not action anything yet even if vulnerable. So a brief explanation of what you looking at:
- Line 41 speaks to building the root URL of the target; this is particularly important for items using the exploit method ; if a peer is not built you will get an error stating “cannot determine state” when running the method.
- Line 42 simply helps metasploit build urls using the normalize_uri function since we will be using relative URLs – it adds a trailing slash and removes double slashes too ;
- Line 43 caters for human errors; depending on how they entered slashes in the TARGETURI parameter to ensure correct placement of slashes.
- Line 44 sends a get request to the vulnerable script ; notice the use of wordpress_url_plugins instance method which helps us navigate to (wp-content/plugins) folder.
- line 45 checks whether the script returned an OK code and whether the request was successful
- Line 46 prints an exception if the method failed to get a response or if it got a response other than 200 meaning that exploitation has a high likelihood of failing .
Why choose access to the script as the determinant of exploitability?
- It is the file processor ; if we can’t reach it we can’t exploit it really . simple
In the next article ; we build the exploit