infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #9845 Remove temp file after cmd execution

GSoC/Meterpreter_Web_Console
Aaron Soto 2018-04-09 15:40:19 -05:00
parent 251ee7a9e0 be18930f12
commit b83edc0ff6
No known key found for this signature in database
GPG Key ID: A974121808B92094
1 changed files with 16 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
modules/post/windows/manage/run_as.rb
View File

@ -14,7 +14,7 @@ class MetasploitModule < Msf::Post
'Description' => %q(
This module will login with the specified username/password and execute the
supplied command as a hidden process. Output is not returned by default, by setting
CMDOUT to false output will be redirected to a temp file and read back in to
CMDOUT to true output will be redirected to a temp file and read back in to
display. By setting advanced option SETPASS to true, it will reset the users
password and then execute the command.
),
@ -85,14 +85,15 @@ class MetasploitModule < Msf::Post
fail_with(Failure::Unknown, 'Error resetting password') unless reset_pass(user, password)
end
system_temp = get_env('WINDIR') << '\\Temp'
outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
# Create output file and set permissions so everyone can access
touch(outpath)
cmdstr = "cmd.exe /c #{cmd}"
cmdstr = "cmd.exe /c #{cmd} > #{outpath}" if cmdout
# If command output is requested, then create output file and set open permissions
if cmdout
system_temp = get_env('WINDIR') << '\\Temp'
outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
touch(outpath)
cmdstr = "cmd.exe /c #{cmd} > #{outpath}"
else
cmdstr = "cmd.exe /c #{cmd}"
end
# Check privs and execute the correct commands
# if user use createprocesswithlogon, if system logonuser and createprocessasuser
@ -119,7 +120,12 @@ class MetasploitModule < Msf::Post
vprint_status("Thread Handle: #{pi[:thread_handle]}")
vprint_status("Process Id: #{pi[:process_id]}")
vprint_status("Thread Id: #{pi[:thread_id]}")
print_status("Command output:\r\n#{tmpout}") unless tmpout.nil?
print_status("Command output:\r\n#{tmpout}") if cmdout
end
if cmdout
print_status("Removing temp file #{outpath}")
rm_f(outpath)
end
end
end