Add attrib.exe for removing read-only files

This really should be a standard part of session.fs.file.rm

Author: egypt

lib/msf/core/exploit/file_dropper.rb

@@ -16,26 +16,33 @@ def on_new_session(session)
 		end
 
 		@dropped_files.delete_if do |file|
+			win_file = file.gsub("/", "\\\\")
 			if session.type == "meterpreter"
 				begin
+					# Meterpreter should do this automatically as part of
+					# fs.file.rm().  Until that has been implemented, remove the
+					# read-only flag with a command.
+					session.shell_command_token(%Q|attrib.exe -r "#{win_file}"|)
 					session.fs.file.rm(file)
 					print_good("Deleted #{file}")
 					true
 				rescue ::Rex::Post::Meterpreter::RequestError
 					false
 				end
 			else
-				win_file = file.gsub("/", "\\\\")
-				win_cmd  = %Q|del.exe /f /q "#{win_file}"|
-				unix_cmd = %Q|rm -f "#{file}" >/dev/null|
+				cmds = [
+						%Q|attrib.exe -r "#{win_file}"|,
+						%Q|del.exe /f /q "#{win_file}"|,
+						%Q|rm -f "#{file}" >/dev/null|,
+					]
 
 				# We need to be platform-independent here. Since we can't be
 				# certain that {#target} is accurate because exploits with
 				# automatic targets frequently change it, we just go ahead and
 				# run both a windows and a unixy command in the same line. One
 				# of them will definitely fail and the other will probably
 				# succeed. Doing it this way saves us an extra round-trip.
-				session.shell_command_token(%Q|#{win_cmd} ; #{unix_cmd}|)
+				session.shell_command_token(cmds.join(" ; "))
 				print_good("Deleted #{file}")
 				true
 			end