From 6e197ce535898a9035e17a47aa787f99d9a7e323 Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Sat, 8 Feb 2014 11:37:25 +0000
Subject: [PATCH 1/3] Post get_envs library methods
---
 lib/msf/core/post/common.rb | 50 +++++++++++++++++++++++++
 test/modules/post/test/get_env.rb | 61 +++++++++++++++++++++++++++++++
 2 files changed, 111 insertions(+)
 create mode 100644 test/modules/post/test/get_env.rb
diff --git a/lib/msf/core/post/common.rb b/lib/msf/core/post/common.rb
index cab869d366..9f8f973aab 100644
--- a/lib/msf/core/post/common.rb
+++ b/lib/msf/core/post/common.rb
@@ -136,4 +136,54 @@ module Msf::Post::Common
 report_host(vm_data)
 end
+ #
+ # Returns the value of the environment variable +env+
+ #
+ def get_env(env)
+ case session.type
+ when /meterpreter/
+ return session.sys.config.getenv(env)
+ when /shell/
+ if session.platform =~ /win/
+ if env[0,1] == '%'
+ unless env[-1,1] == '%'
+ env << '%'
+ end
+ else
+ env = "%#{env}%"
+ end
+
+ return cmd_exec("echo #{env}")
+ else
+ unless env[0,1] == '$'
+ env = "$#{env}"
+ end
+
+ return cmd_exec("echo \"#{env}\"")
+ end
+ end
+
+ nil
+ end
+
+ #
+ # Returns a hash of environment variables +envs+
+ #
+ def get_envs(*envs)
+ case session.type
+ when /meterpreter/
+ return session.sys.config.getenvs(*envs)
+ when /shell/
+ result = {}
+ envs.each do |env|
+ result[env] = get_env(env)
+ end
+
+ return result
+ end
+
+ nil
+ end
+
 end
+
diff --git a/test/modules/post/test/get_env.rb b/test/modules/post/test/get_env.rb
new file mode 100644
index 0000000000..6fdbaae8b6
--- /dev/null
+++ b/test/modules/post/test/get_env.rb
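Review bot: In the shell branch of `get_env` (lib/msf/core/post/common.rb), `env` is interpolated into the `cmd_exec` string with no check on its contents, so a name containing shell metacharacters changes the command that runs on the session instead of looking up a variable. A guard at the top of the method such as `return nil unless env =~ /\A[%$]?\w+%?\z/` would keep the call to a plain lookup. In the same branch `env << '%'` modifies the caller's string in place, which fails on a frozen string and alters the key that `get_envs` stores in `result[env]`; `env = "#{env}%"` avoids both. The header comment could also say that nil is returned for session types other than meterpreter and shell.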
@@ -0,0 +1,61 @@
+
+$:.push "test/lib" unless $:.include? "test/lib"
+require 'module_test'
+
+#load 'test/lib/module_test.rb'
+#load 'lib/rex/text.rb'
+#load 'lib/msf/core/post/common.rb'
+
+class Metasploit4 < Msf::Post
+
+ include Msf::ModuleTest::PostTest
+ include Msf::Post::Common
+
+ def initialize(info={})
+ super( update_info( info,
+ 'Name' => 'Testing Get Envs',
+ 'Description' => %q{ This module will test Post::Common get envs API methods },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ 'Ben Campbell'],
+ 'Platform' => [ 'windows', 'linux', 'java', 'python' ],
+ 'SessionTypes' => [ 'meterpreter', 'shell' ]
+ ))
+ end
+
+ def test_get_env_windows
+ if session.platform =~ /win/i
+ it "should return windows path" do
+ path = get_env('WINDIR')
+ path =~ /windows/i
+ end
+
+ it "should handle % signs" do
+ path = get_env('%WINDIR%')
+ path =~ /windows/i
+ end
+ end
+ end
+
+ def test_get_env_nix
+ unless session.platform =~ /win/i
+ it "should return user" do
+ user = get_env('USER')
+ !user.blank?
+ end
+
+ it "should handle $ sign" do
+ user = get_env('$USER')
+ !user.blank?
+ end
+ end
+ end
+
+ def test_get_envs
+ it "should return multiple envs" do
+ res = get_envs('PATH','USERNAME')
+ !res['PATH'].blank? && !res['USERNAME'].blank?
+ end
+ end
+
+end
+
From a5cb03e409e7ca0b4e7dd466dc0dd60f50598224 Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Sat, 8 Feb 2014 12:12:45 +0000
Subject: [PATCH 2/3] Copy Meterpreter return hash Dont add a key if no value is found
---
 lib/msf/core/post/common.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/msf/core/post/common.rb b/lib/msf/core/post/common.rb
index 9f8f973aab..8717bc2a31 100644
--- a/lib/msf/core/post/common.rb
+++ b/lib/msf/core/post/common.rb
@@ -176,7 +176,8 @@ module Msf::Post::Common
 when /shell/
 result = {}
 envs.each do |env|
- result[env] = get_env(env)
+ res = get_env(env)
+ result[env] = res unless res.blank?
 end
 return result
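Review bot: `test_get_envs` requests `'PATH'` and `'USERNAME'` on every session with no platform guard, unlike the two tests above it. `USERNAME` is normally a Windows variable, so this case will likely fail on the non-Windows platforms the module lists in `'Platform'`. Picking the name by platform, e.g. `user_var = session.platform =~ /win/i ? 'USERNAME' : 'USER'`, and passing that to `get_envs` would make the test meaningful on both. A case for a variable that is not set would also pin down what `get_env` and `get_envs` return then.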
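Review bot: The new `res.blank?` test in `get_envs` only filters an empty reply, which may not cover the Windows shell path. There `get_env` sends `echo %NAME%`, and cmd.exe presumably echoes the text back unexpanded when the variable is unset, so the key would still be added with the literal `%NAME%` as its value. Comparing the reply with the unexpanded form, e.g. `result[env] = res unless res.blank? || res.strip == "%#{env.delete('%')}%"`, or doing that check once inside `get_env` so it returns nil, would match the commit's stated intent. `get_envs` starts and ends outside this hunk.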
From 3d3681801a15bb133f7565cf0df65f13788a928d Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Thu, 20 Mar 2014 11:48:16 -0500
Subject: [PATCH 3/3] Fix linux download_exec for #2961 Note! This module already seems pretty broken, in that it doesn't appear to correctly locate curl or wget. Will open another bug on that. [See RM #8777]
---
 modules/post/linux/manage/download_exec.rb | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules/post/linux/manage/download_exec.rb b/modules/post/linux/manage/download_exec.rb
index 71dd963b7f..ec4d50729b 100644
--- a/modules/post/linux/manage/download_exec.rb
+++ b/modules/post/linux/manage/download_exec.rb
@@ -45,13 +45,19 @@ class Metasploit3 < Msf::Post
 end
 def exists_exe?(exe)
- path = session.sys.config.getenv("PATH")
+ vprint_status "Searching for #{exe} in the current $PATH..."
+ path = get_env("PATH")
 if path.nil? or path.empty?
 return false
+ vprint_error "No local $PATH set!"
+ else
+ vprint_status "$PATH is #{path.strip!}"
 end
 path.split(":").each{ |p|
- return true if file_exist?(p + "/" + exe)
+ full_path = p + "/" + exe
+ vprint_status "Searching for '#{full_path}' ..."
+ return true if file_exist?(full_path)
 }
 return false
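Review bot: In `exists_exe?` the added `vprint_error "No local $PATH set!"` sits after `return false`, so it can never run; it has to move above the return. The other new message interpolates `path.strip!`, which returns nil when there is nothing to strip, so in the common case the log reads `$PATH is ` with no value. Replacing that line with `path = path.strip` followed by `vprint_status "$PATH is #{path}"` prints the value and still trims the shell's reply before the split. The method's closing `end` is outside the hunk.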