Verify deletion at on_new_session moment

Author: jvazquez-r7

lib/msf/core/exploit/file_dropper.rb

@@ -3,6 +3,8 @@
 module Msf
 module Exploit::FileDropper
 
+  attr_accessor :session
+
   def initialize(info = {})
     super
 
@@ -20,7 +22,18 @@ def initialize(info = {})
   # @return [void]
   #
   def on_new_session(session)
-    super(session)
+    super
+
+    print_status("new session...")
+    on_new_session_job(session)
+  end
+
+  def on_new_session_job(new_session)
+    if session
+      session_orig = session
+    end
+
+    self.session = new_session
 
     if session.type == 'meterpreter'
       session.core.use('stdapi') unless session.ext.aliases.include?('stdapi')
@@ -31,13 +44,20 @@ def on_new_session(session)
     end
 
     @dropped_files.delete_if do |file|
+      puts "Deleting #{file}"
       exists_before = file_dropper_check_file(file)
       if file_dropper_delete(file)
         file_dropper_deleted?(file, exists_before)
       else
         false
       end
     end
+
+    if session_orig
+      self.session = session_orig
+    else
+      self.session = nil
+    end
   end
 
   #
@@ -108,6 +128,7 @@ def file_dropper_win_file(file)
   end
 
   def file_dropper_delete(file)
+    puts "Deleting #{file}"
     win_file = file_dropper_win_file(file)
 
     if session.type == 'meterpreter'
@@ -124,6 +145,7 @@ def file_dropper_delete(file)
         false
       end
     else
+      puts "Deleting with shell"
       win_cmds = [
         %Q|attrib.exe -r "#{win_file}"|,
         %Q|del.exe /f /q "#{win_file}"|
@@ -141,16 +163,19 @@ def file_dropper_delete(file)
   end
 
   def file_dropper_check_file(file)
+    puts "Checking file... #{file}"
     if session.platform =~ /win/
       normalized = file_dropper_win_file(file)
     else
       normalized = file
     end
 
+    puts "Checking normalized file... #{file}"
     Msf::Post::File.file_exist?(normalized)
   end
 
   def file_dropper_deleted?(file, exists_before)
+    puts "Deleted? ... #{file}"
     if exists_before  && file_dropper_check_file(file)
       print_error("Unable to delete #{file}")
       false

modules/exploits/multi/http/struts_code_exec_classloader.rb

@@ -271,9 +271,7 @@ def class_loader_exploit
       fail_with(Failure::Unknown, "#{peer} - The log file hasn't been flushed")
     end
 
-    # This path depends on CWD. May require manual cleanup
-    # See https://github.com/rapid7/metasploit-framework/issues/4667
-    print_warning("This exploit requires manual cleanup of '#{@jsp_file}' on the target")
+    register_files_for_cleanup(@jsp_file)
 
     # Prepare the JSP
     print_status("#{peer} - Generating JSP...")