infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Made changes to cleanup to use file_dropper instead

bug/bundler_fix
Royce Davis 2013-01-15 16:24:16 -06:00
parent 7361e1041f
commit 6773a10632
1 changed files with 16 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
lib/msf/core/exploit/psexec.rb
View File

@ -12,6 +12,7 @@ module Exploit::Remote::Psexec
include Msf::Exploit::Remote::DCERPC
include Msf::Exploit::Remote::SMB
include Msf::Exploit::FileDropper
# Retrieves output from the executed command
#
@ -47,7 +48,7 @@ module Exploit::Remote::Psexec
# @param command [String] Should be a valid windows command
# @return [Boolean] true if everything wen't well
def psexec(command)
print_status("#{peer} - Executing: #{command}")
simple.connect("IPC$")
handle = dcerpc_handle('367abb81-9844-35f1-ad32-98f038001003', '2.0', 'ncacn_np', ["\\svcctl"])
@ -157,33 +158,19 @@ module Exploit::Remote::Psexec
return true
end
# This is the cleanup method, removes .txt and .bat file/s created
# during execution
# This method is called by file_dropper to remove files droped
# By your module
#
# @example
# cleanup_after("C$", rhost, '\WINDOWS\Temp\output.txt', 'C:\WINDOWS\Temp\batchfile.bat')
# file_rm('C:\WINDOWS\Temp\output.txt')
#
# @param smbshare [String] The SMBshare to connect to. Usually C$
# @param ip [String] IP address of remote host to connect to
# @param text [String] Path to the text file relative to the smbshare
# @param bat [String] Full path to the batch file created
# @return [StandarError] only in the event of an error
def cleanup_after(smbshare, ip, text, bat)
begin
# Try and do cleanup command/s
cleanup = "%COMSPEC% /C del %SYSTEMDRIVE%#{text} & del #{bat}"
print_status("#{peer} - Executing cleanup...")
psexec(cleanup)
if !check_cleanup(smbshare, ip, text)
print_error("#{peer} - Unable to cleanup. Make sure to manually remove files from the target.")
else
print_status("#{peer} - Cleanup was successful")
end
rescue StandardError => cleanuperror
print_error("#{peer} - Unable to processes cleanup commands. Error: #{cleanuperror}")
print_error("#{peer} - Make sure to manually remove files from the target")
return cleanuperror
end
# @param file [String] Full path to a file on the remote host
# @return [StandardError] only in the event of an error
def file_rm(file)
delete = "%COMSPEC% /C del #{file}"
print_status("#{peer} - Deleting #{file}")
psexec(delete)
print_status("#{peer} - Command Ran")
end
# Make sure the cleanup command worked