From 834c0e594af489d5b3e3f48aebd98c90fecfd681 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 29 Jun 2015 11:36:28 -0500
Subject: [PATCH 1/3] Update multi modules
---
lib/msf/core/post/common.rb | 6 +++++-
modules/post/multi/gather/multi_command.rb | 9 ++-------
modules/post/multi/manage/shell_to_meterpreter.rb | 4 ++--
modules/post/multi/manage/system_session.rb | 2 +-
4 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/lib/msf/core/post/common.rb b/lib/msf/core/post/common.rb
index f6bb9f8de1..7f4db478d9 100644
--- a/lib/msf/core/post/common.rb
+++ b/lib/msf/core/post/common.rb
@@ -122,7 +122,11 @@ module Msf::Post::Common
 process.close
 when /shell/
- o = session.shell_command_token("#{cmd} #{args}", time_out)
+ if args.nil? || args.empty?
+ o = session.shell_command_token("#{cmd}", time_out)
+ else
+ o = session.shell_command_token("#{cmd} #{args}", time_out)
+ end
 o.chomp! if o
 end
 return "" if o.nil?
diff --git a/modules/post/multi/gather/multi_command.rb b/modules/post/multi/gather/multi_command.rb
index 08e9822b86..c16ef69a6c 100644
--- a/modules/post/multi/gather/multi_command.rb
+++ b/modules/post/multi/gather/multi_command.rb
@@ -16,7 +16,7 @@ class Metasploit3 < Msf::Post
 'License' => MSF_LICENSE,
 'Author' => [ 'Carlos Perez '],
 'Platform' => %w{ bsd linux osx unix win },
- 'SessionTypes' => [ 'meterpreter','shell' ]
+ 'SessionTypes' => ['meterpreter']
 ))
 register_options(
 [
@@ -27,7 +27,6 @@ class Metasploit3 < Msf::Post
 # Run Method for when run command is issued
 def run
- session_type = session.type
 print_status("Running module against #{sysinfo['Computer']}")
 if not ::File.exists?(datastore['RESOURCE'])
 raise "Resource File does not exists!"
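Review bot: The two new branches in the `when /shell/` arm differ only in the command string, and `"#{cmd}"` is a redundant interpolation of a single value; building the line once leaves a single call site: `cmd_line = (args.nil? || args.empty?) ? cmd.to_s : "#{cmd} #{args}"` followed by `o = session.shell_command_token(cmd_line, time_out)`. The `args.empty?` test also assumes args responds to empty? (a String or Array); if callers may pass other objects, `args.to_s.empty?` is the safer check. The enclosing cmd_exec method starts and ends outside the hunk.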
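Review bot: Dropping 'shell' from SessionTypes in modules/post/multi/gather/multi_command.rb is not explained by the commit message, and it is the one change in the series that narrows what a module accepts while the rest routes shell sessions through cmd_exec, which the common.rb hunk above still handles. If the reason is that run reads `sysinfo['Computer']` unconditionally (visible in the next hunk) and that presumably is not available on a plain shell session, a comment on the line, `# meterpreter only: run relies on sysinfo`, would keep a later maintainer from re-adding 'shell' without restoring that path.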
@@ -41,11 +40,7 @@ class Metasploit3 < Msf::Post
 tmpout << " Output of #{cmd}\n"
 tmpout << "*****************************************\n"
 print_status "Running command #{cmd.chomp}"
- if session_type =~ /meterpreter/
- tmpout << cmd_exec(cmd.chomp)
- elsif session_type =~ /shell/
- tmpout << session.shell_command_token(cmd.chomp).chomp
- end
+ tmpout << cmd_exec(cmd.chomp)
 vprint_status tmpout
 command_log = store_loot("host.command", "text/plain", session,tmpout ,
 "#{cmd.gsub(/\.|\/|\s/,"_")}.txt", "Command Output \'#{cmd.chomp}\'")
diff --git a/modules/post/multi/manage/shell_to_meterpreter.rb b/modules/post/multi/manage/shell_to_meterpreter.rb
index 4874b403a3..d871740401 100644
--- a/modules/post/multi/manage/shell_to_meterpreter.rb
+++ b/modules/post/multi/manage/shell_to_meterpreter.rb
@@ -196,12 +196,12 @@ class Metasploit3 < Msf::Post
 sent = 0
 aborted = false
 cmds.each { |cmd|
- ret = session.shell_command_token(cmd)
+ ret = cmd_exec(cmd)
 if !ret
 aborted = true
 else
 ret.strip!
- aborted = true if !ret.empty?
+ aborted = true if !ret.empty? && ret !~ /The process tried to write to a nonexistent pipe./
 end
 if aborted
 print_error('Error: Unable to execute the following command: ' + cmd.inspect)
diff --git a/modules/post/multi/manage/system_session.rb b/modules/post/multi/manage/system_session.rb
index 299cd0a965..7042d04d9f 100644
--- a/modules/post/multi/manage/system_session.rb
+++ b/modules/post/multi/manage/system_session.rb
@@ -59,7 +59,7 @@ class Metasploit3 < Msf::Post
 if not cmd.empty?
 print_status("Executing reverse tcp shel to #{lhost} on port #{lport}")
- session.shell_command_token("(#{cmd} &)")
+ cmd_exec("(#{cmd} &)")
 end
 end
From 656e6f5c7353cc624b8fbf8f02601f2a639e5165 Mon Sep 17 00:00:00 2001
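Review bot: The exemption added to the `aborted = true if ...` line in modules/post/multi/manage/shell_to_meterpreter.rb still treats any output as failure except one specific English message, and nothing on the line says why that message is harmless; a comment such as `# Windows emits this when the launched payload outlives the shell's pipe; the command itself succeeded` (confirm that is the reason) would record it. Because it is a literal text match, a localized Windows that translates the message will not match and those sessions will still abort here, which is worth a note in the module if such targets matter. The trailing `.` in the regex is unescaped; `/The process tried to write to a nonexistent pipe\./` matches the literal period. The enclosing cmds.each block and its method start and end outside the hunk.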
From: jvazquez-r7
Date: Mon, 29 Jun 2015 11:56:38 -0500
Subject: [PATCH 2/3] Fix windows enum modules
---
modules/post/windows/gather/enum_computers.rb | 3 +--
modules/post/windows/gather/enum_domain_tokens.rb | 4 ++--
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/modules/post/windows/gather/enum_computers.rb b/modules/post/windows/gather/enum_computers.rb
index b7a921fd93..8ecc9ee524 100644
--- a/modules/post/windows/gather/enum_computers.rb
+++ b/modules/post/windows/gather/enum_computers.rb
@@ -29,7 +29,6 @@ class Metasploit3 < Msf::Post
 def run
 print_status("Running module against #{sysinfo['Computer']}") if not sysinfo.nil?
 domain = get_domain()
-
 if not domain.empty?
 hostname_list = get_domain_computers()
 list_computers(domain, hostname_list)
@@ -49,7 +48,7 @@ class Metasploit3 < Msf::Post
 def get_domain_computers()
 computer_list = []
 devisor = "-------------------------------------------------------------------------------\r\n"
- raw_list = client.shell_command_token("net view").split(devisor)[1]
+ raw_list = cmd_exec('net view').split(devisor)[1]
 if raw_list =~ /The command completed successfully/
 raw_list.sub!(/The command completed successfully\./,'')
 raw_list.gsub!(/\\\\/,'')
diff --git a/modules/post/windows/gather/enum_domain_tokens.rb b/modules/post/windows/gather/enum_domain_tokens.rb
index 9480d1fb3d..c917d0be8d 100644
--- a/modules/post/windows/gather/enum_domain_tokens.rb
+++ b/modules/post/windows/gather/enum_domain_tokens.rb
@@ -58,7 +58,7 @@ class Metasploit3 < Msf::Post
 # List local group members
 def list_group_mem(group)
 devisor = "-------------------------------------------------------------------------------\r\n"
- raw_list = client.shell_command_token("net localgroup #{group}").split(devisor)[1]
+ raw_list = cmd_exec("net localgroup #{group}").split(devisor)[1]
 account_list = raw_list.split("\r\n")
 account_list.delete("The command completed successfully.")
 return account_list
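Review bot: The new `raw_list = cmd_exec("net localgroup #{group}").split(devisor)[1]` line in list_group_mem yields nil whenever the output lacks the divider row — cmd_exec returns "" when the session produces nothing (the `return "" if o.nil?` context line in the common.rb hunk of patch 1), and an error reply such as for an unknown group presumably prints no table — so the following `account_list = raw_list.split("\r\n")` raises NoMethodError instead of returning an empty list; a guard such as `return [] if raw_list.nil?` right after the assignment covers it. The same exposure exists in list_domain_group_mem in the next hunk of modules/post/windows/gather/enum_domain_tokens.rb, where `raw_list.split(" ")` is called on the same kind of value. The get_domain_computers hunk in enum_computers.rb is not affected, since its `if raw_list =~ ...` test tolerates nil.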
@@ -68,7 +68,7 @@ class Metasploit3 < Msf::Post
 def list_domain_group_mem(group)
 account_list = []
 devisor = "-------------------------------------------------------------------------------\r\n"
- raw_list = client.shell_command_token("net groups \"#{group}\" /domain").split(devisor)[1]
+ raw_list = cmd_exec("net groups \"#{group}\" /domain").split(devisor)[1]
 raw_list.split(" ").each do |m|
 account_list << m
 end
From 02cd2a9cd9091c492dfee191073c903dc5a165e5 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 29 Jun 2015 12:07:37 -0500
Subject: [PATCH 3/3] Fix #3951 Update Windows::Registry to use cmd_exec
---
lib/msf/core/post/windows/registry.rb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/msf/core/post/windows/registry.rb b/lib/msf/core/post/windows/registry.rb
index 26ee1d7701..720e49dbef 100644
--- a/lib/msf/core/post/windows/registry.rb
+++ b/lib/msf/core/post/windows/registry.rb
@@ -170,7 +170,7 @@ protected
 elsif view == REGISTRY_VIEW_64_BIT
 cmd += " /reg:64"
 end
- session.shell_command_token_win32("#{cmd} #{suffix}")
+ cmd_exec("#{cmd} #{suffix}")
 end
 def shell_registry_cmd_result(suffix, view = REGISTRY_VIEW_NATIVE)
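Review bot: After the switch to `cmd_exec("#{cmd} #{suffix}")` in lib/msf/core/post/windows/registry.rb the method's result can no longer be nil, because cmd_exec returns "" when the session yields nothing (the `return "" if o.nil?` line in the common.rb hunk of patch 1), whereas the previous shell_command_token_win32 call may have returned nil on a timeout — that is not visible here. If shell_registry_cmd_result, declared on the next line, or other callers test the result with nil?, they now need empty? instead; worth verifying since this is the commit meant to close #3951. cmd_exec also selects the transport by session type instead of forcing the win32 token variant, so the behaviour now depends on the session reporting a Windows platform, presumably a given for this helper. shell_registry_cmd starts outside the hunk.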