diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb index 7cd504f36e..32d90f4800 100644 --- a/modules/exploits/windows/local/ppr_flatten_rec.rb +++ b/modules/exploits/windows/local/ppr_flatten_rec.rb @@ -40,6 +40,7 @@ class MetasploitModule < Msf::Exploit::Local 'DefaultOptions' => { 'EXITFUNC' => 'thread', + 'WfsDelay' => 30 }, 'Targets' => [ @@ -59,18 +60,8 @@ class MetasploitModule < Msf::Exploit::Local [ 'URL', 'https://seclists.org/fulldisclosure/2013/May/91' ], ], 'DisclosureDate' => 'May 15 2013', - 'DefaultTarget' => 0, - # TODO: Uncomment this line and remove the Rex.sleep when WsfDelay works properly. - # Wait for up to 30 seconds by default for our shell because this exploit can - # take quite a while to finish execute - #'DefaultOptions' => { 'WfsDelay' => 30 } + 'DefaultTarget' => 0 })) - - # TODO: remove this when we've sorted out the WsfDelay issue. - register_options([ - OptInt.new('WAIT', [ true, "Number of seconds to wait for exploit to run", 10 ]) - ]) - end def check @@ -154,12 +145,6 @@ class MetasploitModule < Msf::Exploit::Local print_status("Payload injected. Executing exploit...") host_process.thread.create(exploit_mem + offset, payload_mem) - # TODO: remove this Rex.sleep call when the WsfDelay stuff works correctly for local - # exploits. For some reason it doesn't appear to work properly. - wait = datastore['WAIT'].to_i - print_status("Exploit thread executing (can take a while to run), waiting #{wait} sec ...") - Rex.sleep(wait) - - print_good("Exploit finished, wait for (hopefully privileged) payload execution to complete.") + print_status("Exploit thread executing (can take a while to run), waiting #{datastore['WfsDelay']} sec ...") end end