Added some methods for checkout output and cleanup

Royce Davis · Royce Davis · commit 13140d05b136 · 2013-01-09T21:14:19.000-06:00
diff --git a/lib/msf/core/exploit/psexec.rb b/lib/msf/core/exploit/psexec.rb
@@ -2,19 +2,43 @@
 
 module Msf
 
-###
-#
+####
 # This module alows for reuse of the psexec code execution module
 # This code was stolen straight out of psexec.rb.Thanks very much for all
 # who contributed to that module!! Instead of uploading and runing a binary.
-###
+####
 
 module Exploit::Remote::Psexec
 
 	include Msf::Exploit::Remote::DCERPC
 	include Msf::Exploit::Remote::SMB
 
-	# This method runs a single windows command fed into the #{command} paramater
+	# Retrives output from the executed command
+	# @param smbshare [String] The SMBshare to connect to.  Usually C$
+	# @param ip [IP Address] Remote Host to Connect To
+	# @param file [File name] Path to the output file relative to the smbshare
+	#	Example: '\WINDOWS\Temp\outputfile.txt'
+	# @return output or nil if fails
+	def get_output(smbshare, ip, file)
+		begin
+			print_status("Getting the command output...")
+			simple.connect("\\\\#{ip}\\#{smbshare}")
+			outfile = simple.open(file, 'ro')
+			output = outfile.read
+			outfile.close
+			simple.disconnect("\\\\#{ip}\\#{smbshare}")
+			return output
+		rescue StandardError => output_error
+			print_error("Error getting command output. #{output_error.class}. #{output_error}.")
+			return nil
+		end
+	end
+
+
+	# This method executes a single windows command.  If you want to
+	# retrieve the output of your command you'll have to echo it
+	# to a .txt file and then use the get_output method to retrieve it
+	# Make sure to use the cleanup_after method when you are done.
 	# @param command [String] Should be a valid windows command
 	# @return true if everything wen't well
 	def psexec(command)
@@ -127,6 +151,51 @@ def psexec(command)
 		simple.disconnect("IPC$")
 		return true
 	end
+
+	# This is the cleanup method, removes .txt and .bat file/s created during execution
+	# @param smbshare [String] The SMBshare to connect to.  Usually C$
+	# @param ip [IP Address] Remote Host to Connect To
+	# @param text [File Path] Path to the text file relative to the smbshare
+	#	Example: '\WINDOWS\Temp\output.txt'
+	# @param bat [File Path] Full path to the batch file created
+	#	Example: 'C:\WINDOWS\Temp\batchfile.bat'
+	# @return only in the event of an error
+	def cleanup_after(smbshare, ip, text, bat)
+		begin
+			# Try and do cleanup command/s
+			cleanup = "%COMSPEC% /C del %SYSTEMDRIVE%#{text} & del #{bat}"
+			print_status("#{peer} - Executing cleanup...")
+			psexec(cleanup)
+			if !check_cleanup(smbshare, ip, text)
+				print_error("#{peer} - Unable to cleanup. Make sure to manually remove files from the target.")
+			else
+				print_status("#{peer} - Cleanup was successful")
+			end
+		rescue StandardError => cleanuperror
+			print_error("#{peer} - Unable to processes cleanup commands. Error: #{cleanuperror}")
+			print_error("#{peer} - Make sure to manually remove files from the target")
+			return cleanuperror
+		end
+	end
+
+	# Make sure the cleanup command worked
+	# This method should only be called from within cleanup_after
+	def check_cleanup(smbshare, ip, text)
+		simple.connect("\\\\#{ip}\\#{smbshare}")
+		begin
+			if checktext = simple.open(text, 'ro')
+				check = false
+			else
+				check = true
+			end
+			simple.disconnect("\\\\#{ip}\\#{smbshare}")
+			return check
+		rescue StandardError => check_error
+			simple.disconnect("\\\\#{ip}\\#{smbshare}")
+			return true
+		end
+	end
+
 end
 
 end
