store the credential using the new store_valid_credential

Author: jmartin-tech

lib/msf/core/exploit/http/wordpress/login.rb

@@ -16,39 +16,14 @@ def wordpress_login(user, pass, timeout = 20)
     }, timeout)
     if res && res.redirect? && res.redirection && res.redirection.to_s == redirect
       cookies = res.get_cookies
-    end
-
-    if cookies && (
-      # current Wordpress (2.6+)
-      cookies =~ /wordpress_(?:sec|logged_in_)[^=]+=[^;]+;/i ||
-      # Wordpress 2.5
-      cookies =~ /wordpress_[a-z0-9]+=[^;]+;/i ||
-      # Wordpress 2.0
-      cookies =~ /wordpress(?:user|pass)_[^=]+=[^;]+;/i
-    )
-
-      service_data = {
-        address: rhost,
-        port: rport,
-        protocol: 'tcp',
-        service_name: 'http',
-        workspace_id: myworkspace_id,
-      }
-
-      cdata = {
-        module_fullname: self.fullname,
-        origin_type: :service,
-        username: user,
-        private_data: pass,
-        private_type: :password,
-      }.merge(service_data)
-
-      core = create_credential(cdata)
-      login_data = { core: core }.merge(service_data)
-
-      create_credential_login(login_data)
-
-      return cookies
+      # Check if a valid wordpress cookie is returned
+      return cookies if
+        # current Wordpress
+        cookies =~ /wordpress(?:_sec)?_logged_in_[^=]+=[^;]+;/i ||
+        # Wordpress 2.0
+        cookies =~ /wordpress(?:user|pass)_[^=]+=[^;]+;/i ||
+        # Wordpress 2.5
+        cookies =~ /wordpress_[a-z0-9]+=[^;]+;/i
     end
 
     nil

modules/exploits/unix/webapp/wp_admin_shell_upload.rb

@@ -43,6 +43,7 @@ def initialize(info = {})
   def check
     cookie = wordpress_login(username, password)
     if cookie.nil?
+      store_valid_credential(user: username, private: password, proof: cookie)
       return CheckCode::Safe
     end