From cb270cd57a541f456479fa2e6bb034bb97c01dd8 Mon Sep 17 00:00:00 2001
From: asoto-r7
Date: Sun, 26 May 2019 14:47:20 -0500
Subject: [PATCH] WIP: Adding default pingback payload to parent check method
---
 lib/msf/core/exploit.rb | 51 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb
index feb546ddce..abcef45eab 100644
--- a/lib/msf/core/exploit.rb
+++ b/lib/msf/core/exploit.rb
@@ -360,6 +360,57 @@ class Exploit < Msf::Module
 #
 ##
+ #
+ # The check method performs a benign attack against the target. Ideally,
+ # it will be overwritten by the exploit module with a more specific
+ # vulnerability-specific technique. However, if the module is not over-
+ # written, let's use the exploit method, alongside a pingback payload,
+ # to determine if the target is vulnerable.
+ #
+
+ def check
+ first_target = find_target_supporting_pingback_payload
+ if first_target
+ datastore['TARGET'] = first_target
+ vprint_status "Found a target that supports pingback payloads: #{first_target} (#{targets[first_target].name})"
+
+ datastore['PAYLOAD'] = find_pingback_payload_in_target
+ vprint_status "Configuring a pingback payload: #{self.payload_instance}"
+ require 'pry'; binding.pry
+ generate_payload
+
+ exploit
+ else
+ vprint_error "No targets within this module support pingback payload."
+ return false
+ end
+ end
+
+ def find_target_supporting_pingback_payload
+ k = 0
+ targets.each do |target|
+ datastore['TARGET'] = k
+
+ first_payload = find_pingback_payload_in_target
+ if first_payload
+ return k
+ else
+ #vprint_status "#{target.name} does not support pingback payloads"
+ end
+ k = k+1
+ end
+ return false
+ end
+
+ def find_pingback_payload_in_target
+ compatible_payloads.each do |payload|
+ if payload[0].include? 'pingback'
+ return payload[0]
+ end
+ end
+ return false
+ end
+
 #
 # Kicks off the actual exploit. Prior to this call, the framework will
 # have validated the data store using the options associated with this
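Review bot: The new default `check` ends by calling `exploit`, so every module that does not override `check` now delivers a live payload when an operator runs what the comment above it still describes as a benign check; this fallback should be opt-in, and the comment should state plainly that it performs real exploitation. The line `require 'pry'; binding.pry` is a debugging breakpoint that would stop every fallback check in an interactive console and has to go before merge. Both `check` and `find_target_supporting_pingback_payload` overwrite `datastore['TARGET']` and `datastore['PAYLOAD']` without restoring them, so the operator's own selection is lost, and TARGET is left at the last probed index when no target matches; save the two values on entry and put them back in an `ensure`. The method also returns `false` or whatever `exploit` returns rather than a check code, so the failure branch should read `return CheckCode::Unsupported` and the success path should translate the pingback outcome into a `CheckCode` value.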