Updated How to clean up files using FileDropper (markdown)

sinn3r
2014-07-28 14:20:55 -07:00
parent 1752fa4801
commit d4e52882c9
+34 -2
@@ -1,3 +1,35 @@
In some exploitation scenarios such as local privilege escalation, command execution, write-only attacks, SQL Injections, etc, it is very likely that you have to upload one or more malicious files in order to gain control of the target machine. Well, a smart attacker shouldn't leave anything behind, so if a module needs to drop something onto the file system, it's important to remove it right after the purpose is served.
### Introduction
Metasploit offers a way to manage these soon-to-be-removed files, and it's simple to use.
In some exploitation scenarios such as local privilege escalation, command execution, write-only attacks, SQL Injections, etc, it is very likely that you have to upload one or more malicious files in order to gain control of the target machine. Well, a smart attacker shouldn't leave anything behind, so if a module needs to drop something onto the file system, it's important to remove it right after the purpose is served. And that is why we created the FileDropper mixin.
### Examples
The FileDropper mixin is a file manager that allows you keep track of files, and then delete them when a session is created. To use it, first to include the mixin like so:
```ruby
include Msf::Exploit::FileDropper
```
Next, tell the FileDropper mixin where the file is going to be after a session is created by using the ```register_file_for_cleanup``` method. Each file name should either be a full path, or relative to the current working directory of the session. For example, if I want to upload a payload to the target machine's remote path: ```C:\Windows\System32\payload.exe```, then my statement can be:
```ruby
register_file_for_cleanup("C:\\Windows\\System32\\payload.exe")
```
If my session's current directory is already in ```C:\Windows\System32\```, then I can simply do:
```ruby
register_file_for_cleanup("payload.exe")
```
If you wish to register multiple files, you can also provide the file names as arguments:
```ruby
register_file_for_cleanup("file_1.vbs", "file_2.exe", ""file_1.conf")
```
Note that if your exploit module uses ```on_new_session```, you are actually overriding FileDropper's ```on_new_session```.
### Reference
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/file_dropper.rb
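Review bot: The multi-file example under "Examples" is not valid Ruby as written: `register_file_for_cleanup("file_1.vbs", "file_2.exe", ""file_1.conf")` has a doubled quote before `file_1.conf`, so anyone copying it into a module gets a syntax error. Drop the extra quote so the last argument reads `"file_1.conf"`. The closing note about `on_new_session` also stops short: it says a module that defines `on_new_session` overrides FileDropper's, but not what the author should do about it. Since the text above says the registered files are deleted when a session is created, the note should state that the override needs to call `super`, otherwise the cleanup never runs. Two wording slips in the same section are worth fixing while you are there: "allows you keep track of files" is missing "to", and "first to include the mixin like so" should read "first include the mixin like so". Finally, the inline identifiers are wrapped in triple backticks (for example around `register_file_for_cleanup` and the `C:\Windows\System32\payload.exe` path); single backticks are the usual markdown for inline code and render more predictably.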