From c34b796f13ef77b9cdfd55aebbcbe1a15f8e2dfb Mon Sep 17 00:00:00 2001
From: Auxilus
Date: Mon, 9 Apr 2018 20:14:01 +0530
Subject: [PATCH 1/3] Remove temp file from dist after cmd execution

https://github.com/rapid7/metasploit-framework/issues/9830
---
 modules/post/windows/manage/run_as.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/post/windows/manage/run_as.rb b/modules/post/windows/manage/run_as.rb
index 55793f962c..2536e6a929 100644
--- a/modules/post/windows/manage/run_as.rb
+++ b/modules/post/windows/manage/run_as.rb
@@ -121,5 +121,7 @@ class MetasploitModule < Msf::Post
       vprint_status("Thread Id: #{pi[:thread_id]}")
       print_status("Command output:\r\n#{tmpout}") unless tmpout.nil?
     end
+    print_status("Cleaning up...")
+    rm_f(outpath)
   end
 end

From c07f2f1a0948f5e725de4797299dcc164d47b5bf Mon Sep 17 00:00:00 2001
From: Auxilus
Date: Mon, 9 Apr 2018 21:24:16 +0530
Subject: [PATCH 2/3] Update run_as.rb

---
 modules/post/windows/manage/run_as.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/modules/post/windows/manage/run_as.rb b/modules/post/windows/manage/run_as.rb
index 2536e6a929..b11ceeed84 100644
--- a/modules/post/windows/manage/run_as.rb
+++ b/modules/post/windows/manage/run_as.rb
@@ -14,7 +14,7 @@ class MetasploitModule < Msf::Post
       'Description' => %q(
         This module will login with the specified username/password and execute
         the supplied command as a hidden process. Output is not returned by default, by setting
-        CMDOUT to false output will be redirected to a temp file and read back in to
+        CMDOUT to true output will be redirected to a temp file and read back in to
         display. By setting advanced option SETPASS to true, it will reset the users
         password and then execute the command.
       ),
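Review bot: The added `rm_f(outpath)` in the `@@ -121,5 +121,7 @@` hunk never reports whether the file was actually removed, and the command it cleans up after runs as a separate hidden process that may still hold the redirected output file open at that moment, so a failed deletion silently leaves the captured command output sitting in %WINDIR%\Temp. Tell the operator when cleanup did not happen, e.g. `print_warning("Could not remove #{outpath}") if file?(outpath)` right after the `rm_f` (`file?` is the Msf::Post::File helper; confirm its name in this tree). The same applies to the `rm_f` kept in the later hunks `@@ -121,7 +121,9 @@` and `@@ -119,11 +120,12 @@`. The enclosing `run` method starts outside this hunk.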
@@ -89,7 +89,7 @@ class MetasploitModule < Msf::Post
     outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
 
     # Create output file and set permissions so everyone can access
-    touch(outpath)
+    touch(outpath) if cmdout
 
     cmdstr = "cmd.exe /c #{cmd}"
     cmdstr = "cmd.exe /c #{cmd} > #{outpath}" if cmdout
@@ -121,7 +121,9 @@ class MetasploitModule < Msf::Post
       vprint_status("Thread Id: #{pi[:thread_id]}")
       print_status("Command output:\r\n#{tmpout}") unless tmpout.nil?
     end
+
     print_status("Cleaning up...")
+    print_status("Removing temp file #{outpath}")
     rm_f(outpath)
   end
 end

From be18930f1283d07909fba2f23c33ac3bffbeceab Mon Sep 17 00:00:00 2001
From: Aaron Soto
Date: Mon, 9 Apr 2018 15:27:50 -0500
Subject: [PATCH 3/3] Cleaned up output, only querying for %WINDIR% if necessary

---
 modules/post/windows/manage/run_as.rb | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/modules/post/windows/manage/run_as.rb b/modules/post/windows/manage/run_as.rb
index b11ceeed84..f7bd7bd0cb 100644
--- a/modules/post/windows/manage/run_as.rb
+++ b/modules/post/windows/manage/run_as.rb
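Review bot: The result of `touch(outpath) if cmdout` in the `@@ -89,7 +89,7 @@` hunk is discarded, so if the file cannot be created in %WINDIR%\Temp the module still launches the command with `> #{outpath}` appended and later tries to read output that was never captured. If `touch` signals failure through its return value (check its contract in Msf::Post::File), fail early instead: `fail_with(Failure::Unknown, "Could not create #{outpath}") if cmdout && !touch(outpath)`. The enclosing `run` method starts and ends outside this hunk.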
@@ -85,14 +85,15 @@ class MetasploitModule < Msf::Post
       fail_with(Failure::Unknown, 'Error resetting password') unless reset_pass(user, password)
     end
 
-    system_temp = get_env('WINDIR') << '\\Temp'
-    outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
-
-    # Create output file and set permissions so everyone can access
-    touch(outpath) if cmdout
-    cmdstr = "cmd.exe /c #{cmd}"
-    cmdstr = "cmd.exe /c #{cmd} > #{outpath}" if cmdout
+    # If command output is requested, then create output file and set open permissions
+    if cmdout
+      system_temp = get_env('WINDIR') << '\\Temp'
+      outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
+      touch(outpath)
+      cmdstr = "cmd.exe /c #{cmd} > #{outpath}"
+    else
+      cmdstr = "cmd.exe /c #{cmd}"
+    end
 
     # Check privs and execute the correct commands
     # if user use createprocesswithlogon, if system logonuser and createprocessasuser
@@ -119,11 +120,12 @@ class MetasploitModule < Msf::Post
       vprint_status("Thread Handle: #{pi[:thread_handle]}")
       vprint_status("Process Id: #{pi[:process_id]}")
       vprint_status("Thread Id: #{pi[:thread_id]}")
-      print_status("Command output:\r\n#{tmpout}") unless tmpout.nil?
+      print_status("Command output:\r\n#{tmpout}") if cmdout
     end
 
-    print_status("Cleaning up...")
-    print_status("Removing temp file #{outpath}")
-    rm_f(outpath)
+    if cmdout
+      print_status("Removing temp file #{outpath}")
+      rm_f(outpath)
+    end
   end
 end
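Review bot: The cleanup added in the `@@ -119,11 +120,12 @@` hunk (`if cmdout` / `rm_f(outpath)`) is skipped whenever the process-creation code between the two hunks raises or calls `fail_with`, so on every failure path the file that `touch(outpath)` created in the first hunk stays behind in %WINDIR%\Temp; wrapping the execution in `begin`/`ensure` makes the removal run on every exit from `run`. In the same block, `get_env('WINDIR') << '\\Temp'` mutates the string returned by `get_env` and raises NoMethodError if WINDIR resolves to nil, where interpolation plus an explicit `fail_with` states the intent. Switching the output line from `unless tmpout.nil?` to `if cmdout` means a failed read now prints an empty `Command output:` block — presumably acceptable, but worth checking against where `tmpout` is assigned above this hunk. The privilege check and process creation between the two hunks are not visible here.
```ruby
    if cmdout
      windir = get_env('WINDIR')
      fail_with(Failure::Unknown, 'Could not resolve %WINDIR%') if windir.nil? || windir.empty?
      outpath = "#{windir}\\Temp\\#{Rex::Text.rand_text_alpha(8)}.txt"
      touch(outpath)
      cmdstr = "cmd.exe /c #{cmd} > #{outpath}"
    else
      cmdstr = "cmd.exe /c #{cmd}"
    end

    begin
      # … unchanged: privilege check, process creation and status output …
    ensure
      if cmdout
        print_status("Removing temp file #{outpath}")
        rm_f(outpath)
      end
    end
```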