Module: Msf::Exploit::FileDropper

Defined in:

lib/msf/core/exploit/file_dropper.rb

Instance Method Summary

• #allow_no_cleanup ⇒ Object
• #cleanup ⇒ Object

  While the exploit cleanup do a last attempt to delete any paths created if there is a file_rm/dir_rm method available.

• #initialize(info = {}) ⇒ Object
• #on_new_session(session) ⇒ void

  When a new session is created, attempt to delete any paths that the exploit created.

• #register_dirs_for_cleanup(*dirs) ⇒ void (also: #register_dir_for_cleanup)

  Record directory as needing to be cleaned up.

• #register_files_for_cleanup(*files) ⇒ void (also: #register_file_for_cleanup)

  Record file as needing to be cleaned up.

Instance Method Details

#allow_no_cleanup ⇒ Object

# File 'lib/msf/core/exploit/file_dropper.rb', line 46

def allow_no_cleanup
  datastore['AllowNoCleanup']
end

#cleanup ⇒ Object

While the exploit cleanup do a last attempt to delete any paths created if there is a file_rm/dir_rm method available. Warn the user if any paths were not cleaned up.

See Also:

• Msf::Exploit#cleanup
• Post::File#file_rm
• Post::File#dir_rm

# File 'lib/msf/core/exploit/file_dropper.rb', line 110

def cleanup
  super

  if @dropped_files.empty? && @dropped_dirs.empty?
    return
  end

  delay = datastore['FileDropperDelay']
  if delay
    print_status("Waiting #{delay}s before cleanup...")
    sleep(delay)
  end

  # Check if file_rm method is available (local exploit, mixin support, module support)
  if respond_to?(:file_rm)
    @dropped_files.delete_if do |file|
      begin
        file_rm(file)
      rescue ::Exception => e
        vprint_error("Failed to delete #{file}: #{e}")
        elog("Failed to delete #{file}", error: e)
      end
    end
  end

  # Check if dir_rm method is available (local exploit, mixin support, module support)
  if respond_to?(:dir_rm)
    @dropped_dirs.delete_if do |dir|
      if respond_to?(:pwd) && pwd.include?(dir)
        print_warning("Attempting to delete working directory #{dir}")
      end

      begin
        dir_rm(dir)
      rescue ::Exception => e
        vprint_error("Failed to delete #{dir}: #{e}")
        elog("Failed to delete #{dir}", error: e)
      end
    end
  end

  # We don't know for sure if paths have been deleted, so always warn about it to the user
  (@dropped_files + @dropped_dirs).each do |p|
    print_warning("This exploit may require manual cleanup of '#{p}' on the target")
  end
end

#initialize(info = {}) ⇒ Object

# File 'lib/msf/core/exploit/file_dropper.rb', line 6

def initialize(info = {})
  super(
    update_info(
      info,
      'Compat' => {
        'Meterpreter' => {
          'Commands' => %w[
            stdapi_fs_delete_dir
            stdapi_fs_delete_file
            stdapi_fs_getwd
            stdapi_fs_stat
          ]
        }
      }
    )
  )

  self.needs_cleanup = true
  @dropped_files = []
  @dropped_dirs = []

  register_advanced_options(
    [
      OptInt.new('FileDropperDelay', [false, 'Delay in seconds before attempting cleanup']),
      OptBool.new('AllowNoCleanup', [false, 'Allow exploitation without the possibility of cleaning up files'])
    ])
end

#on_new_session(session) ⇒ void

This method returns an undefined value.

When a new session is created, attempt to delete any paths that the exploit created.

# File 'lib/msf/core/exploit/file_dropper.rb', line 71

def on_new_session(session)
  super

  if session.type == 'meterpreter'
    session.core.use('stdapi') unless session.ext.aliases.include?('stdapi')
  end

  if @dropped_files.empty? && @dropped_dirs.empty?
    return
  end

  @dropped_files.delete_if do |file|
    exists_before = file_dropper_exist?(session, file)

    if file_dropper_delete_file(session, file)
      file_dropper_deleted?(session, file, exists_before)
    end
  end

  @dropped_dirs.delete_if do |dir|
    if file_dropper_check_cwd?(session, dir)
      print_warning("Attempting to delete working directory #{dir}")
    end

    exists_before = file_dropper_exist?(session, dir)

    if file_dropper_delete_dir(session, dir)
      file_dropper_deleted?(session, dir, exists_before)
    end
  end
end

#register_dirs_for_cleanup(*dirs) ⇒ void Also known as: register_dir_for_cleanup

This method returns an undefined value.

Record directory as needing to be cleaned up

Parameters:

• dirs (Array<String>) —

  List of paths on the target that should be deleted during cleanup. Each directory should be either a full path or relative to the current working directory of the session (not necessarily the same as the cwd of the server we're exploiting).

# File 'lib/msf/core/exploit/file_dropper.rb', line 58

def register_dirs_for_cleanup(*dirs)
  @dropped_dirs += dirs.map(&:dup)
end

#register_files_for_cleanup(*files) ⇒ void Also known as: register_file_for_cleanup

This method returns an undefined value.

Record file as needing to be cleaned up

Parameters:

• files (Array<String>) —

  List of paths on the target that should be deleted during cleanup. Each filename should be either a full path or relative to the current working directory of the session (not necessarily the same as the cwd of the server we're exploiting).

# File 'lib/msf/core/exploit/file_dropper.rb', line 42

def register_files_for_cleanup(*files)
  @dropped_files += files.map(&:dup)
end