Module: Msf::Exploit::FileDropper

Defined in:
lib/msf/core/exploit/file_dropper.rb

Instance Method Summary collapse

Instance Method Details

#cleanupObject

While the exploit cleanup do a last attempt to delete any paths created if there is a file_rm/dir_rm method available. Warn the user if any paths were not cleaned up.


91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# File 'lib/msf/core/exploit/file_dropper.rb', line 91

def cleanup
  super

  if @dropped_files.empty? && @dropped_dirs.empty?
    return
  end

  delay = datastore['FileDropperDelay']
  if delay
    print_status("Waiting #{delay}s before cleanup...")
    sleep(delay)
  end

  # Check if file_rm method is available (local exploit, mixin support, module support)
  if respond_to?(:file_rm)
    @dropped_files.delete_if do |file|
      begin
        file_rm(file)
      rescue ::Exception => e
        vprint_error("Failed to delete #{file}: #{e}")
        elog("Failed to delete #{file}", error: e)
      end
    end
  end

  # Check if dir_rm method is available (local exploit, mixin support, module support)
  if respond_to?(:dir_rm)
    @dropped_dirs.delete_if do |dir|
      if respond_to?(:pwd) && pwd.include?(dir)
        print_warning("Attempting to delete working directory #{dir}")
      end

      begin
        dir_rm(dir)
      rescue ::Exception => e
        vprint_error("Failed to delete #{dir}: #{e}")
        elog("Failed to delete #{dir}", error: e)
      end
    end
  end

  # We don't know for sure if paths have been deleted, so always warn about it to the user
  (@dropped_files + @dropped_dirs).each do |p|
    print_warning("This exploit may require manual cleanup of '#{p}' on the target")
  end
end

#initialize(info = {}) ⇒ Object


6
7
8
9
10
11
12
13
14
15
16
17
# File 'lib/msf/core/exploit/file_dropper.rb', line 6

def initialize(info = {})
  super

  self.needs_cleanup = true
  @dropped_files = []
  @dropped_dirs = []

  register_advanced_options(
    [
      OptInt.new('FileDropperDelay', [false, 'Delay in seconds before attempting cleanup'])
    ])
end

#on_new_session(session) ⇒ void

This method returns an undefined value.

When a new session is created, attempt to delete any paths that the exploit created.


52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# File 'lib/msf/core/exploit/file_dropper.rb', line 52

def on_new_session(session)
  super

  if session.type == 'meterpreter'
    session.core.use('stdapi') unless session.ext.aliases.include?('stdapi')
  end

  if @dropped_files.empty? && @dropped_dirs.empty?
    return
  end

  @dropped_files.delete_if do |file|
    exists_before = file_dropper_exist?(session, file)

    if file_dropper_delete_file(session, file)
      file_dropper_deleted?(session, file, exists_before)
    end
  end

  @dropped_dirs.delete_if do |dir|
    if file_dropper_check_cwd?(session, dir)
      print_warning("Attempting to delete working directory #{dir}")
    end

    exists_before = file_dropper_exist?(session, dir)

    if file_dropper_delete_dir(session, dir)
      file_dropper_deleted?(session, dir, exists_before)
    end
  end
end

#register_dirs_for_cleanup(*dirs) ⇒ void Also known as: register_dir_for_cleanup

This method returns an undefined value.

Record directory as needing to be cleaned up

Parameters:

  • dirs (Array<String>)

    List of paths on the target that should be deleted during cleanup. Each directory should be either a full path or relative to the current working directory of the session (not necessarily the same as the cwd of the server we're exploiting).


39
40
41
# File 'lib/msf/core/exploit/file_dropper.rb', line 39

def register_dirs_for_cleanup(*dirs)
  @dropped_dirs += dirs
end

#register_files_for_cleanup(*files) ⇒ void Also known as: register_file_for_cleanup

This method returns an undefined value.

Record file as needing to be cleaned up

Parameters:

  • files (Array<String>)

    List of paths on the target that should be deleted during cleanup. Each filename should be either a full path or relative to the current working directory of the session (not necessarily the same as the cwd of the server we're exploiting).


27
28
29
# File 'lib/msf/core/exploit/file_dropper.rb', line 27

def register_files_for_cleanup(*files)
  @dropped_files += files
end