Land #9845 Remove temp file after cmd execution

4.x
Aaron Soto 2018-04-09 15:40:19 -05:00 committed by Metasploit
parent 876df392f1
commit d394146339
No known key found for this signature in database
GPG Key ID: CDFB5FA52007B954
1 changed files with 16 additions and 10 deletions


@ -14,7 +14,7 @@ class MetasploitModule < Msf::Post
'Description' => %q(
This module will login with the specified username/password and execute the
supplied command as a hidden process. Output is not returned by default, by setting
CMDOUT to false output will be redirected to a temp file and read back in to
CMDOUT to true output will be redirected to a temp file and read back in to
display. By setting advanced option SETPASS to true, it will reset the users
password and then execute the command.
),
@ -85,14 +85,15 @@ class MetasploitModule < Msf::Post
fail_with(Failure::Unknown, 'Error resetting password') unless reset_pass(user, password)
end
system_temp = get_env('WINDIR') << '\\Temp'
outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
# Create output file and set permissions so everyone can access
touch(outpath)
cmdstr = "cmd.exe /c #{cmd}"
cmdstr = "cmd.exe /c #{cmd} > #{outpath}" if cmdout
# If command output is requested, then create output file and set open permissions
if cmdout
system_temp = get_env('WINDIR') << '\\Temp'
outpath = "#{system_temp}\\#{Rex::Text.rand_text_alpha(8)}.txt"
touch(outpath)
cmdstr = "cmd.exe /c #{cmd} > #{outpath}"
else
cmdstr = "cmd.exe /c #{cmd}"
end
# Check privs and execute the correct commands
# if user use createprocesswithlogon, if system logonuser and createprocessasuser
@ -119,7 +120,12 @@ class MetasploitModule < Msf::Post
vprint_status("Thread Handle: #{pi[:thread_handle]}")
vprint_status("Process Id: #{pi[:process_id]}")
vprint_status("Thread Id: #{pi[:thread_id]}")
print_status("Command output:\r\n#{tmpout}") unless tmpout.nil?
print_status("Command output:\r\n#{tmpout}") if cmdout
end
if cmdout
print_status("Removing temp file #{outpath}")
rm_f(outpath)
end
end
end
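Review bot: The cleanup added at the end of the third hunk (`rm_f(outpath)` under `if cmdout`) is only reached when the method runs to completion, so a `fail_with` or an exception raised after `touch(outpath)` would leave the file holding the command's output behind in `%WINDIR%\Temp`. The code between the second and third hunk is not shown, so whether such a path exists is an inference; but the new comment says the file is created with open permissions, which would make a leftover copy readable by other local accounts. Consider moving the removal into an `ensure` clause of the method, e.g. `ensure` followed by `rm_f(outpath) if cmdout && outpath`. The comment in the second hunk should also say where the permissions are actually set, since the visible lines only call `touch(outpath)`.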