module Wpxf::WordPress::FileDownload

Provides reusable functionality for file download modules.

Attributes

downloaded_filename[R]

@return [String] the path the file was downloaded to.

Public Class Methods

new()

Initialize a new instance of {FileDownload}

Calls superclass method
# File lib/wpxf/wordpress/file_download.rb, line 13
# Initialize a new instance of {FileDownload}.
#
# After the superclass has set itself up, and only when
# #register_remote_file_option? is true, this replaces the module
# description and registers the required 'remote_file' string option,
# whose default comes from #default_remote_file_path.
def initialize
  super
  return unless register_remote_file_option?

  description = %(
      This module exploits a vulnerability which allows you to
      download any arbitrary file (relative to #{working_directory})
      accessible by the user the web server is running as.
    )
  _update_info_without_validation(desc: description)

  # The option value is user-supplied; it is read back via #remote_file.
  remote_file_option = StringOption.new(
    name: 'remote_file',
    desc: 'The path to the remote file',
    required: true,
    default: default_remote_file_path
  )
  register_option(remote_file_option)
end

Public Instance Methods

before_download()

A task to run before the download starts.
@return [Boolean] true if pre-download operations were successful.

# File lib/wpxf/wordpress/file_download.rb, line 76
# Hook run before the download starts. The default implementation does
# no work and reports success; modules override it to add preparation.
# @return [Boolean] true if pre-download operations were successful.
def before_download
  # Nothing to prepare by default.
  true
end
default_remote_file_path()

@return [String] the default remote file path.

# File lib/wpxf/wordpress/file_download.rb, line 46
# Default value for the 'remote_file' option; nil unless a module overrides it.
# @return [String, nil] the default remote file path.
def default_remote_file_path
  nil
end
download_request_body()

@return [Hash, String] the body to be used when requesting the download file.

# File lib/wpxf/wordpress/file_download.rb, line 55
# Body sent with the download request; nil unless a module overrides it.
# @return [Hash, String, nil] the body to be used when requesting the download file.
def download_request_body
  nil
end
download_request_method()

@return [Symbol] the HTTP method to use when requesting the download file.

# File lib/wpxf/wordpress/file_download.rb, line 58
# HTTP method for the download request; GET unless a module overrides it.
# @return [Symbol] the HTTP method to use when requesting the download file.
def download_request_method
  :get
end
download_request_params()

@return [Hash] the params to be used when requesting the download file.

# File lib/wpxf/wordpress/file_download.rb, line 52
# Query parameters for the download request; nil unless a module overrides it.
# @return [Hash, nil] the params to be used when requesting the download file.
def download_request_params
  nil
end
downloader_url()

@return [String] the URL of the vulnerable file used to download remote files.

# File lib/wpxf/wordpress/file_download.rb, line 49
# URL of the vulnerable file; nil unless a module overrides it.
# @return [String, nil] the URL of the vulnerable file used to download remote files.
def downloader_url
  nil
end
expected_http_code()

@return [Integer] the expected HTTP code for a successful download.

# File lib/wpxf/wordpress/file_download.rb, line 86
# HTTP status that marks a successful download; 200 unless a module overrides it.
# @return [Integer] the expected HTTP code for a successful download.
def expected_http_code
  200
end
file_category()

@return [String] the type of file downloaded by the module.

# File lib/wpxf/wordpress/file_download.rb, line 99
# Category recorded with the loot item; 'unknown' unless a module overrides it.
# @return [String] the type of file downloaded by the module.
def file_category
  'unknown'
end
file_extension()

@return [String] the file extension to use when downloading the file.

# File lib/wpxf/wordpress/file_download.rb, line 81
# Extension for the local file name; empty unless a module overrides it.
# @return [String] the file extension to use when downloading the file.
def file_extension
  ''
end
handle_unexpected_http_code(code)

Handles an occurrence of an unexpected result.
@param code [Integer] the returned HTTP code.
@return [Boolean] true if the code should be ignored, false if the module should fail.

# File lib/wpxf/wordpress/file_download.rb, line 93
# Default handling for a status other than #expected_http_code: report the
# code and signal that the module should fail.
# @param code [Integer] the returned HTTP code.
# @return [Boolean] true if the code should be ignored, false if the module should fail.
def handle_unexpected_http_code(code)
  emit_error("Server responded with code #{code}")
  # Unexpected codes are fatal unless a module overrides this hook.
  false
end
loot_description()

@return [String, nil] a custom description to use when storing the loot item.

# File lib/wpxf/wordpress/file_download.rb, line 40
# Custom loot description; nil unless a module overrides it, in which case
# the caller derives a description itself.
# @return [String, nil] a custom description to use when storing the loot item.
def loot_description
  nil
end
register_remote_file_option?()
# File lib/wpxf/wordpress/file_download.rb, line 35
# Whether the 'remote_file' option is registered and the implementation
# checks in #_validate_implementation apply; true unless a module overrides it.
# @return [Boolean] true if the remote_file option should be registered.
def register_remote_file_option?
  true
end
remote_file()

@return [String] the path to the remote file.

# File lib/wpxf/wordpress/file_download.rb, line 63
# The user-supplied 'remote_file' option, read through the normalizing accessor.
# @return [String] the path to the remote file.
def remote_file
  option_name = 'remote_file'
  normalized_option_value(option_name)
end
run()

Run the module.
@return [Boolean] true if successful.

Calls superclass method
# File lib/wpxf/wordpress/file_download.rb, line 105
# Run the module: check the implementation, run the pre-download hook,
# fetch the remote file to a uniquely named local path and, when the
# content passes #validate_content, record it as loot.
# @return [Boolean] true if successful.
def run
  _validate_implementation

  # The parent run and the pre-download hook must both succeed, in that order.
  parent_ok = super
  return false unless parent_ok && before_download

  @downloaded_filename = generate_unique_filename(file_extension)
  emit_info 'Downloading file...'
  res = download_file(_build_request_opts(@downloaded_filename))

  # NOTE(review): on this failure path the local file, if download_file has
  # already created it, is left in place — confirm that is intended.
  return false unless _validate_result(res)

  if validate_content(res.body)
    emit_success "Downloaded file to #{@downloaded_filename}"
    _store_file_as_loot
    true
  else
    # Content failed validation: remove the local copy so it is not kept.
    FileUtils.rm @downloaded_filename, force: true
    false
  end
end
validate_content(content)

Validate the contents of the requested file.
@param content [String] the file contents.
@return [Boolean] true if valid.

# File lib/wpxf/wordpress/file_download.rb, line 70
# Validate the contents of the requested file. The default accepts any
# content; modules override this to reject error pages or empty bodies.
# @param content [String] the file contents.
# @return [Boolean] true if valid.
def validate_content(content)
  # The default implementation does not inspect the content.
  true
end
working_directory()

@return [String] the working directory of the vulnerable file.

# File lib/wpxf/wordpress/file_download.rb, line 43
# Working directory of the vulnerable file; nil unless a module overrides it.
# A module that registers the remote_file option must override this.
# @return [String, nil] the working directory of the vulnerable file.
def working_directory
  nil
end

Private Instance Methods

_build_request_opts(filename)
# File lib/wpxf/wordpress/file_download.rb, line 158
# Assemble the options handed to download_file for the remote file request.
# @param filename [String] the local path the response is written to.
# @return [Hash] request options: method, url, params, body, cookie and
#   local_filename, in that insertion order.
def _build_request_opts(filename)
  opts = {}
  opts[:method] = download_request_method
  opts[:url] = downloader_url
  opts[:params] = download_request_params
  opts[:body] = download_request_body
  opts[:cookie] = session_cookie
  opts[:local_filename] = filename
  opts
end
_store_file_as_loot()
# File lib/wpxf/wordpress/file_download.rb, line 132
# Record the downloaded file as loot.
#
# The description is #loot_description when given. Otherwise, if the
# remote_file option is registered, it is derived from the remote file's
# base name (first 86 characters); if not, it is empty. Whatever the
# source, the stored description is capped at 100 characters.
def _store_file_as_loot
  desc = loot_description

  if desc.nil?
    desc = if register_remote_file_option?
             # File.basename drops any directory part of the user-supplied path.
             "Remote file: #{File.basename(remote_file)[0..85]}"
           else
             ''
           end
  end

  store_loot downloaded_filename, desc[0..99], file_category
end
_validate_implementation()
# File lib/wpxf/wordpress/file_download.rb, line 143
# Ensure a module that registers the remote_file option also provides a
# working directory, since the option's description refers to it.
# @raise [RuntimeError] if #working_directory is not set.
# @return [nil]
def _validate_implementation
  return unless register_remote_file_option?
  return if working_directory

  raise 'A value must be specified for #working_directory'
end
_validate_result(res)
# File lib/wpxf/wordpress/file_download.rb, line 148
# Check the download response before its body is used.
# @param res the HTTP response, or nil when none was obtained.
# @return [Boolean] true when the status equals #expected_http_code, false
#   for a missing or timed-out response, otherwise whatever
#   #handle_unexpected_http_code returns.
def _validate_result(res)
  # A missing or timed-out response is always a failure.
  if res.nil? || res.timed_out?
    emit_error 'Request timed out, try increasing the http_client_timeout'
    return false
  end

  return true if res.code == expected_http_code

  # Let the module decide whether an unexpected status is fatal.
  handle_unexpected_http_code(res.code)
end