Register early so the cleanup can actually rm the file

rapid7 · Jan 12, 2016 · 514199e · 514199e
1 parent 78bc394
commit 514199e
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/modules/exploits/multi/http/axis2_deployer.rb b/modules/exploits/multi/http/axis2_deployer.rb
@@ -75,6 +75,11 @@ def initialize(info = {})
   def upload_exec(session,rpath)
     contents=''
     name = Rex::Text.rand_text_alpha(8)
+
+    # We must register this file early, that way the on_new_session method
+    # won't miss it if FileDropper's cleanup routine kicks in.
+    register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
+
     services_xml = %Q{
 <service name="#{name}" scope="application">
   <description>
@@ -216,7 +221,6 @@ def upload_exec(session,rpath)
           end
 
           if res and res.code > 200 and res.code < 300
-            register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
             throw :stop # exit loop
           elsif res and res.code == 401
             if (res.headers['WWW-Authenticate'])
@@ -226,7 +230,6 @@ def upload_exec(session,rpath)
             if authmsg
               print_error("WWW-Authenticate: %s" % authmsg)
             end
-            register_file_for_cleanup("webapps#{rpath}/WEB-INF/services/#{name}.jar")
             raise ::Rex::ConnectionError
             throw :stop # exit loop
           end