Add support for shell sessions in FileDropper

2012-11-16 15:51:54 -06:00 · 2012-11-16 15:51:54 -06:00 · 591b085858
parent 3363475f99
commit 591b085858
2 changed files with 13 additions and 45 deletions
--- a/lib/msf/core/exploit/file_dropper.rb
+++ b/lib/msf/core/exploit/file_dropper.rb
@ -25,11 +25,19 @@ module Exploit::FileDropper
 					false
 				end
 			else
-				# Need to be platform-independent here. Not sure of the best way
-				# to do that since we can't be certain that {#target} is
-				# accurate; exploits with automatic targets frequently change
-				# it.
-				false
+				win_file = file.gsub("/", "\\\\")
+				win_cmd  = %Q|del.exe /f /q "#{win_file}"|
+				unix_cmd = %Q|rm -f "#{file}" >/dev/null|
+
+				# We need to be platform-independent here. Since we can't be
+				# certain that {#target} is accurate because exploits with
+				# automatic targets frequently change it, we just go ahead and
+				# run both a windows and a unixy command in the same line. One
+				# of them will definitely fail and the other will probably
+				# succeed. Doing it this way saves us an extra round-trip.
+				session.shell_command_token(%Q|#{win_cmd} ; #{unix_cmd}|)
+				print_good("Deleted #{file}")
+				true
 			end
 		end

--- a/modules/exploits/multi/http/manageengine_search_sqli.rb
+++ b/modules/exploits/multi/http/manageengine_search_sqli.rb
@ -97,46 +97,6 @@ class Metasploit3 < Msf::Exploit::Remote
 		return nil
 	end

-
-=begin
-Now covered by FileDropper mixin. Keep it here, commented out, for now
-since FileDropper doesn't cover shell sessions yet.
-
-	#
-	# We're in SecurityManager/bin at this point
-	#
-	def on_new_session(cli)
-		if target['Platform'] == 'linux'
-			print_warning("Malicious executable is removed during payload execution")
-		end
-
-		if cli.type == 'meterpreter'
-			cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi")
-		end
-
-		@clean_ups.each { |f|
-			base = File.basename(f)
-			f = "../webapps/SecurityManager/#{base}"
-			print_warning("#{rhost}:#{rport} - Deleting: \"#{base}\"")
-
-			begin
-				if cli.type == 'meterpreter'
-					cli.fs.file.rm(f)
-				else
-					del_cmd = (@my_target['Platform'] == 'linux') ? 'rm' : 'del'
-					f = f.gsub(/\//, '\\') if @my_target['Platform'] == 'win'
-					cli.shell_command_token("#{del_cmd} \"#{f}\"")
-				end
-
-				print_good("#{rhost}:#{rport} - \"#{base}\" deleted")
-			rescue ::Exception => e
-				print_error("Unable to delete: #{e.message}")
-			end
-		}
-	end
-=end
-
-
 	#
 	# Embeds our executable in JSP
 	#