Record credentials when wordpress_login succeeds

Author: egypt

lib/msf/core/exploit/http/wordpress/login.rb

@@ -14,18 +14,41 @@ def wordpress_login(user, pass, timeout = 20)
         'uri' => wordpress_url_login,
         'vars_post' => wordpress_helper_login_post_data(user, pass, redirect)
     }, timeout)
-    if res && res.redirect? && res.redirection && res.redirection.to_s == redirect
-      cookies = res.get_cookies
-      # Check if a valid wordpress cookie is returned
-      return cookies if
-        # current Wordpress
-        cookies =~ /wordpress(?:_sec)?_logged_in_[^=]+=[^;]+;/i ||
-        # Wordpress 2.0
-        cookies =~ /wordpress(?:user|pass)_[^=]+=[^;]+;/i ||
-        # Wordpress 2.5
-        cookies =~ /wordpress_[a-z0-9]+=[^;]+;/i
+    cookies = res.get_cookies
+
+    if cookies && (
+      # current Wordpress (2.6+)
+      cookies =~ /wordpress_(?:sec|logged_in_)[^=]+=[^;]+;/i ||
+      # Wordpress 2.5
+      cookies =~ /wordpress_[a-f0-9]+=[^;]+;/i ||
+      # Wordpress 2.0
+      cookies =~ /wordpress(?:user|pass)_[^=]+=[^;]+;/i
+    )
+
+      service_data = {
+        address: rhost,
+        port: rport,
+        protocol: 'tcp',
+        service_name: 'http',
+        workspace_id: myworkspace.id,
+      }
+
+      cdata = {
+        module_fullname: self.fullname,
+        origin_type: :service,
+        username: user,
+        private_data: pass,
+        private_type: :password,
+      }.merge(service_data)
+
+      core = create_credential(cdata)
+      login_data = { core: core }.merge(service_data)
+
+      create_credential_login(login_data)
+      return cookies
     end
 
+
     nil
   end
 end