Oussama Rahali

Offensive Security Engineer | AppSec


My First Try on Exploit Development !

March 01, 2021

In the domain of Cyber Security, going for the easiest route (automating all tasks with Metasploit) is not always a good choice, especially if you are at the beginning of the road (just like me).

Metasploit is a convenient tool and has a plethora of applications, BUT it takes the focus away from what you are actually exploiting and why something is vulnerable. So being able to examine a proof of concept (PoC) and craft custom payloads will allow you to fully understand the complex details of the vulnerability that you are exploiting (and somehow improve your exploit development skills).

So, while I was working on the TryHackMe Blog room (https://tryhackme.com/room/blog) without using Metasploit, after some enumeration I found that the host is a WordPress website vulnerable to remote code execution via WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit): https://www.exploit-db.com/exploits/46662.

Starting from the above exploit, I said to myself: why not take the hardest path and try to make a working exploit for this vulnerability in Python?

I began by analyzing the Ruby source code of the Metasploit module and then converting it to Python. After a lot of failures, as I'm not good at Ruby (more than 100 tries), it worked as intended and I got a shell back.

I searched ExploitDB for an exploit of this bug and found nothing, so I thought: why not send mine and see whether it gets accepted? So that's it: this is my first try at exploit development, and my source code is now on ExploitDB: https://www.exploit-db.com/exploits/49512 (I hope it will be accepted even though I made a typo in the CVE numbers).

A video demo is in my GitHub repository: https://github.com/v0lck3r/CVE-2019-8943