Add #file_dropper_file_exist?

jvazquez-r7 · jvazquez-r7 · commit ea8e62f0fb3a · 2015-05-18T14:13:12.000-05:00
diff --git a/lib/msf/core/exploit/file_dropper.rb b/lib/msf/core/exploit/file_dropper.rb
@@ -3,8 +3,6 @@
 module Msf
 module Exploit::FileDropper
 
-  attr_accessor :session
-
   def initialize(info = {})
     super
 
@@ -14,23 +12,6 @@ def initialize(info = {})
       ], self.class)
   end
 
-  # When a new session is created, attempt to delete any files that the
-  # exploit created.
-  #
-  # @param (see Msf::Exploit#on_new_session)
-  # @return [void]
-  def on_new_session(session)
-    super
-
-    print_status("new session...")
-    puts "#{self.session}"
-    if self.payload
-      puts "#{self.payload.session}"
-    end
-    on_new_session_job(session)
-  end
-
-  #
   # Record file as needing to be cleaned up
   #
   # @param files [Array<String>] List of paths on the target that should
@@ -49,7 +30,32 @@ def register_files_for_cleanup(*files)
   # Singular version
   alias register_file_for_cleanup register_files_for_cleanup
 
+  # When a new session is created, attempt to delete any files that the
+  # exploit created.
   #
+  # @param (see Msf::Exploit#on_new_session)
+  # @return [void]
+  def on_new_session(session)
+    super
+
+    if session.type == 'meterpreter'
+      session.core.use('stdapi') unless session.ext.aliases.include?('stdapi')
+    end
+
+    unless @dropped_files && @dropped_files.length > 0
+      return
+    end
+
+    @dropped_files.delete_if do |file|
+      exists_before = file_dropper_file_exist?(session, file)
+      if file_dropper_delete(session, file)
+        file_dropper_deleted?(session, file, exists_before)
+      else
+        false
+      end
+    end
+  end
+
   # While the exploit cleanup do a last attempt to delete any files created
   # if there is a file_rm method available. Warn the user if any files were
   # not cleaned up.
@@ -93,78 +99,44 @@ def cleanup
 
   private
 
-  # Takes a new session and makes the drop files task
+  # See if +path+ exists on the remote system and is a regular file
   #
-  # @param (see Msf::Exploit#on_new_session)
-  # @return [void]
-  # @note This methods needs to overwrite *and restore* the original
-  # `session` attribute
-  def on_new_session_job(new_session)
-    session_orig = session
-    self.session = new_session
-
-    begin
-      file_dropper_delete_files
-    ensure
-      self.session = session_orig
-    end
-  end
-
-  # Uses the exploit `session` to delete files on the `dropped_files` list
-  #
-  # @return [void]
-  def file_dropper_delete_files
-    if session.type == 'meterpreter'
-      session.core.use('stdapi') unless session.ext.aliases.include?('stdapi')
-    end
-
-    unless @dropped_files && @dropped_files.length > 0
-      return
-    end
-
-    @dropped_files.delete_if do |file|
-      puts "Deleting #{file}"
-      exists_before = file_dropper_check_file(file)
-      if file_dropper_delete(file)
-        file_dropper_deleted?(file, exists_before)
-      else
-        false
-      end
-    end
-  end
-
-  # Check if a file exists in the `session` file system
-  #
-  # @param [String] file The file to check
+  # @param path [String] Remote filename to check
   # @return [TrueClass] If the file exists
   # @return [FalseClass] If the file doesn't exist
-  def file_dropper_check_file(file)
-    puts "Checking file... #{file}"
+  def file_dropper_file_exist?(session, path)
     if session.platform =~ /win/
-      normalized = file_dropper_win_file(file)
+      normalized = file_dropper_win_file(path)
     else
-      normalized = file
+      normalized = path
     end
 
-    puts "Checking normalized file... #{file}"
-    Msf::Post::File.file_exist?(normalized)
-  end
+    if session.type == 'meterpreter'
+      stat = session.fs.file.stat(normalized) rescue nil
+      return false unless stat
+      stat.file?
+    else
+      if session.platform =~ /win/
+        f = shell_command_token("cmd.exe /C IF exist \"#{normalized}\" ( echo true )")
+        if f =~ /true/
+          f = shell_command_token("cmd.exe /C IF exist \"#{normalized}\\\\\" ( echo false ) ELSE ( echo true )")
+        end
+      else
+        f = session.shell_command_token("test -f \"#{normalized}\" && echo true")
+      end
 
-  # Converts a file path to use the windows separator '\'
-  #
-  # @param [String] file The file path to convert
-  # @return [String] The file path converted
-  def file_dropper_win_file(file)
-    file.gsub('/', "\\\\")
+      return false if f.nil? || f.empty?
+      return false unless f =~ /true/
+      true
+    end
   end
 
-  # Sends a file deletion command to the remote `session`
+  # Sends a file deletion command to the remote +session+
   #
   # @param [String] file The file to delete
-  # @return [TrueClass] If the delete command has been executed in the remote machine
-  # @return [FalseClass] Otherwise
-  def file_dropper_delete(file)
-    puts "Deleting #{file}"
+  # @return [TrueClass] the delete command has been executed in the remote machine
+  # @return [FalseClass] otherwise
+  def file_dropper_delete(session, file)
     win_file = file_dropper_win_file(file)
 
     if session.type == 'meterpreter'
@@ -181,7 +153,6 @@ def file_dropper_delete(file)
         false
       end
     else
-      puts "Deleting with shell"
       win_cmds = [
         %Q|attrib.exe -r "#{win_file}"|,
         %Q|del.exe /f /q "#{win_file}"|
@@ -201,12 +172,11 @@ def file_dropper_delete(file)
   # Checks if a file has been deleted by the current job
   #
   # @param [String] file The file to check
-  # @param [TrueClass] exists_before Indicates if the file existed before the cleanup job
+  # @param [TrueClass] exists_before Indicates if the file existed before the deletion
   # @return [TrueClass] if the file has been deleted or it cannot resolve
   # @return [FalseClass] if the file hasn't been deleted
-  def file_dropper_deleted?(file, exists_before)
-    puts "Deleted? ... #{file}"
-    if exists_before  && file_dropper_check_file(file)
+  def file_dropper_deleted?(session, file, exists_before)
+    if exists_before  && file_dropper_file_exist?(session, file)
       print_error("Unable to delete #{file}")
       false
     elsif exists_before
@@ -218,5 +188,13 @@ def file_dropper_deleted?(file, exists_before)
     end
   end
 
+  # Converts a file path to use the windows separator '\'
+  #
+  # @param [String] file The file path to convert
+  # @return [String] The file path converted
+  def file_dropper_win_file(file)
+    file.gsub('/', '\\\\')
+  end
+
 end
 end
