From 5c06cdca737805685ca57fec13f4709277849f72 Mon Sep 17 00:00:00 2001
From: Brendan Coles <bcoles@gmail.com>
Date: Sun, 25 Nov 2018 05:09:16 +0000
Subject: [PATCH] Replace WsfDelay with WfsDelay - Fixes #11018

---
 .../exploits/windows/local/ppr_flatten_rec.rb | 21 +++----------------
 1 file changed, 3 insertions(+), 18 deletions(-)

diff --git a/modules/exploits/windows/local/ppr_flatten_rec.rb b/modules/exploits/windows/local/ppr_flatten_rec.rb
index 7cd504f36e..32d90f4800 100644
--- a/modules/exploits/windows/local/ppr_flatten_rec.rb
+++ b/modules/exploits/windows/local/ppr_flatten_rec.rb
@@ -40,6 +40,7 @@ class MetasploitModule < Msf::Exploit::Local
       'DefaultOptions' =>
         {
           'EXITFUNC' => 'thread',
+          'WfsDelay' => 30
         },
       'Targets'        =>
         [
@@ -59,18 +60,8 @@ class MetasploitModule < Msf::Exploit::Local
           [ 'URL', 'https://seclists.org/fulldisclosure/2013/May/91' ],
         ],
       'DisclosureDate' => 'May 15 2013',
-      'DefaultTarget'  => 0,
-      # TODO: Uncomment this line and remove the Rex.sleep when WsfDelay works properly.
-      # Wait for up to 30 seconds by default for our shell because this exploit can
-      # take quite a while to finish execute
-      #'DefaultOptions' => { 'WfsDelay' => 30 }
+      'DefaultTarget'  => 0
     }))
-
-    # TODO: remove this when we've sorted out the WsfDelay issue.
-    register_options([
-      OptInt.new('WAIT', [ true, "Number of seconds to wait for exploit to run", 10 ])
-    ])
-
   end
 
   def check
@@ -154,12 +145,6 @@ class MetasploitModule < Msf::Exploit::Local
     print_status("Payload injected. Executing exploit...")
     host_process.thread.create(exploit_mem + offset, payload_mem)
 
-    # TODO: remove this Rex.sleep call when the WsfDelay stuff works correctly for local
-    # exploits. For some reason it doesn't appear to work properly.
-    wait = datastore['WAIT'].to_i
-    print_status("Exploit thread executing (can take a while to run), waiting #{wait} sec ...")
-    Rex.sleep(wait)
-
-    print_good("Exploit finished, wait for (hopefully privileged) payload execution to complete.")
+    print_status("Exploit thread executing (can take a while to run), waiting #{datastore['WfsDelay']} sec ...")
   end
 end