James Lee
88 lines
2.3 KiB
Ruby
88 lines
2.3 KiB
Ruby
# -*- coding: binary -*-
|
|
|
|
module Msf
|
|
module Exploit::FileDropper
|
|
|
|
#
|
|
# When a new session is created, attempt to delete any files that the
|
|
# exploit created.
|
|
#
|
|
# @param (see Msf::Exploit#on_new_session)
|
|
# @return [void]
|
|
#
|
|
def on_new_session(session)
|
|
if session.type == "meterpreter"
|
|
session.core.use("stdapi") unless session.ext.aliases.include?("stdapi")
|
|
end
|
|
|
|
@dropped_files.delete_if do |file|
|
|
win_file = file.gsub("/", "\\\\")
|
|
if session.type == "meterpreter"
|
|
begin
|
|
# Meterpreter should do this automatically as part of
|
|
# fs.file.rm(). Until that has been implemented, remove the
|
|
# read-only flag with a command.
|
|
session.shell_command_token(%Q|attrib.exe -r "#{win_file}"|)
|
|
session.fs.file.rm(file)
|
|
print_good("Deleted #{file}")
|
|
true
|
|
rescue ::Rex::Post::Meterpreter::RequestError
|
|
false
|
|
end
|
|
else
|
|
cmds = [
|
|
%Q|attrib.exe -r "#{win_file}"|,
|
|
%Q|del.exe /f /q "#{win_file}"|,
|
|
%Q|rm -f "#{file}" >/dev/null|,
|
|
]
|
|
|
|
# We need to be platform-independent here. Since we can't be
|
|
# certain that {#target} is accurate because exploits with
|
|
# automatic targets frequently change it, we just go ahead and
|
|
# run both a windows and a unixy command in the same line. One
|
|
# of them will definitely fail and the other will probably
|
|
# succeed. Doing it this way saves us an extra round-trip.
|
|
session.shell_command_token(cmds.join(" ; "))
|
|
print_good("Deleted #{file}")
|
|
true
|
|
end
|
|
end
|
|
|
|
super
|
|
end
|
|
|
|
#
|
|
# Record file as needing to be cleaned up
|
|
#
|
|
# @param [Array<String>] files List of paths on the target that should
|
|
# be deleted during cleanup. Each filename should be either a full
|
|
# path or relative to the current working directory of the session
|
|
# (not necessarily the same as the cwd of the server we're
|
|
# exploiting).
|
|
# @return [void]
|
|
def register_files_for_cleanup(*files)
|
|
@dropped_files ||= []
|
|
@dropped_files += files
|
|
|
|
nil
|
|
end
|
|
|
|
# Singular version
|
|
alias register_file_for_cleanup register_files_for_cleanup
|
|
|
|
#
|
|
# Warn the user if any files (registered with {#register_dropped_file}) were
|
|
# not cleaned up
|
|
#
|
|
# @see Msf::Exploit#cleanup
|
|
def cleanup
|
|
super
|
|
if @dropped_files and @dropped_files.any?
|
|
@dropped_files.each do |f|
|
|
print_warning("This exploit may require manual cleanup of: #{f}")
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|