
Land #11918, replace trivial usage of expand_path with getenv

Merge branch 'land-11918' into upstream-master
bwatters-r7 committed Jun 3, 2019
2 parents 22e8d34 + 53557cc commit 6f711dfab4a03c485a40032c83190a7868c3e92b
@@ -115,7 +115,7 @@ def shell_init

# COMSPEC is special-cased on all meterpreters to return a viable
# shell.
sh = fs.file.expand_path("%COMSPEC%")
sh = sys.config.getenv('COMSPEC')
@shell = sys.process.execute(sh, nil, { "Hidden" => true, "Channelized" => true })

end
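Review bot: `sh` goes straight into `sys.process.execute` with no check that `getenv('COMSPEC')` returned a usable value, whereas the `cmd_shell` hunks in this same commit fall back to a default when the result is nil or empty. The comment above says COMSPEC is special-cased on all meterpreters, but if a session type does not honour that for `getenv`, the failure surfaces as an opaque error from `execute`. A guard such as `raise 'COMSPEC is not set on the target' if sh.nil? || sh.empty?` would make the failure explicit. The `setup` hunk has the same pattern, passing the unchecked `getenv('TEMP')` result to `session.fs.dir.chdir`. `shell_init` starts outside the hunk.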
@@ -112,7 +112,7 @@ def webrtc_browser_path

paths.each do |browser_path|
if file?(browser_path)
found_browser_path = client.fs.file.expand_path(browser_path)
found_browser_path = browser_path
break
end
end
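Review bot: With the expansion call gone, the `each`/`break` loop only picks the first entry of `paths` for which `file?` is true, so it could be written as `found_browser_path = paths.find { |browser_path| file?(browser_path) }`. That is equivalent only if `found_browser_path` is nil before the loop, which is set outside the hunk. It is also worth confirming that the entries of `paths`, built outside the hunk, no longer carry `%VAR%` placeholders, since nothing expands them here any more.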
@@ -402,8 +402,7 @@ def cmd_kerberos_ticket_use(*args)
# Dump all the shared wifi profiles/credentials
#
def cmd_wifi_list_shared(*args)
interfaces_dir = '%AllUsersProfile%\Microsoft\Wlansvc\Profiles\Interfaces'
interfaces_dir = client.fs.file.expand_path(interfaces_dir)
interfaces_dir = client.sys.config.getenv('AllUsersProfile') + '\Microsoft\Wlansvc\Profiles\Interfaces'
files = client.fs.file.search(interfaces_dir, '*.xml', true)

if files.length == 0
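Review bot: `client.sys.config.getenv('AllUsersProfile') + '\Microsoft\...'` raises NoMethodError if `getenv` returns nil, and the `path && !path.empty?` check in the `cmd_shell` hunks suggests that it can. The old `expand_path` call received the whole string, so concatenating onto a possibly-nil value is new in this commit. The same unguarded pattern appears in the `exploit` hunks (`getenv('USERPROFILE')` followed by `path.chomp!`, and `getenv('TEMP') + ...` for `com_opts[:target]`), both `write_exe_to_target` hunks, `get_config_files`, `m_exec` and `write_script_to_target`. Checking the value first, e.g. `base = client.sys.config.getenv('AllUsersProfile')` then `return print_error('AllUsersProfile is not set') if base.nil? || base.empty?`, turns a stack trace into a clear message. The body of `cmd_wifi_list_shared` continues outside the hunk.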
@@ -303,7 +303,7 @@ def cmd_shell(*args)

case client.platform
when 'windows'
path = client.fs.file.expand_path('%COMSPEC%')
path = client.sys.config.getenv('COMSPEC')
path = (path && !path.empty?) ? path : 'cmd.exe'

# attempt the shell with thread impersonation
@@ -319,12 +319,11 @@ def cmd_shell(*args)
return true
end

# Don't expand_path() this because it's literal anyway
cmd_execute('-f', '/bin/sh', '-c', '-i')
else
# Then this is a multi-platform meterpreter (e.g., php or java), which
# must special-case COMSPEC to return the system-specific shell.
path = client.fs.file.expand_path('%COMSPEC%')
path = client.sys.config.getenv('COMSPEC')

# If that failed for whatever reason, guess it's unix
path = (path && !path.empty?) ? path : '/bin/sh'
@@ -1,5 +1,5 @@
##
# This module requires Metasploit: http://metasploit.com/download
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

@@ -128,7 +128,7 @@ def exploit
datastore['EXE::Path'] = path
datastore['EXE::Template'] = ::File.join(path, "template_#{arch}_windows.dll")

path = datastore['PATH'] || session.fs.file.expand_path("%USERPROFILE%")
path = datastore['PATH'] || session.sys.config.getenv('USERPROFILE')
path.chomp!("\\")

dll_path = "#{path}\\#{get_name('DLLNAME', 'dll')}"
@@ -113,13 +113,13 @@ def write_exe_to_target(rexe, rexename, rexepath)
write_file_to_target(temprexe,rexe)
rescue Rex::Post::Meterpreter::RequestError
print_warning("Insufficient privileges to write in #{rexepath}, writing to %TEMP%")
temprexe = session.fs.file.expand_path("%TEMP%") + "\\" + rexename
temprexe = session.sys.config.getenv('TEMP') + "\\" + rexename
write_file_to_target(temprexe,rexe)
end

# Write to %temp% directory if not set REMOTE_EXE_PATH
else
temprexe = session.fs.file.expand_path("%TEMP%") + "\\" + rexename
temprexe = session.sys.config.getenv('TEMP') + "\\" + rexename
write_file_to_target(temprexe,rexe)
end

@@ -91,7 +91,7 @@ def exploit

com_opts = {}
com_opts[:net_clr] = 4.0 # Min .NET runtime to load into a PS session
com_opts[:target] = datastore['OUTPUT_TARGET'] || session.fs.file.expand_path('%TEMP%') + "\\#{ Rex::Text.rand_text_alpha(rand(8)+8) }.exe"
com_opts[:target] = datastore['OUTPUT_TARGET'] || session.sys.config.getenv('TEMP') + "\\#{ Rex::Text.rand_text_alpha(rand(8)+8) }.exe"
com_opts[:payload] = payload_script #payload.encoded
vprint_good com_opts[:payload].length.to_s

@@ -100,7 +100,7 @@ def get_proxy_data
def get_config_files
# Determine if TortoiseSVN is installed and parse config files
savedpwds = 0
path = session.fs.file.expand_path("%APPDATA%\\Subversion\\auth\\svn.simple\\")
path = session.sys.config.getenv('APPDATA') + "\\Subversion\\auth\\svn.simple\\"
print_status("Checking for configuration files in: #{path}")

begin
@@ -174,13 +174,13 @@ def write_exe_to_target(rexe, rexename)
write_file_to_target(temprexe,rexe)
rescue Rex::Post::Meterpreter::RequestError
print_warning("Insufficient privileges to write in #{datastore['LocalExePath']}, writing to %TEMP%")
temprexe = session.fs.file.expand_path("%TEMP%") + "\\" + rexename
temprexe = session.sys.config.getenv('TEMP') + "\\" + rexename
write_file_to_target(temprexe,rexe)
end

# Write to %temp% directory if not set LocalExePath
else
temprexe = session.fs.file.expand_path("%TEMP%") + "\\" + rexename
temprexe = session.sys.config.getenv('TEMP') + "\\" + rexename
write_file_to_target(temprexe,rexe)
end

@@ -70,7 +70,7 @@ def run
net_com_opts = {}
net_com_opts[:target] =
datastore['OUTPUT_TARGET'] ||
"#{session.fs.file.expand_path('%TEMP%')}\\#{Rex::Text.rand_text_alpha(rand(8) + 8)}.exe"
"#{session.sys.config.getenv('TEMP')}\\#{Rex::Text.rand_text_alpha(rand(8) + 8)}.exe"
net_com_opts[:com_opts] = datastore['COMPILER_OPTS']
net_com_opts[:provider] = datastore['CODE_PROVIDER']
net_com_opts[:assemblies] = datastore['ASSEMBLIES']
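Review bot: Interpolating `session.sys.config.getenv('TEMP')` hides a missing value: if it returns nil, the string becomes a backslash followed by the random name, which is a path at the drive root, and nothing fails at this point. Resolving the directory into a local first and stopping when it is nil or empty, e.g. `temp = session.sys.config.getenv('TEMP')` followed by `return print_error('TEMP is not set on the target') if temp.nil? || temp.empty?`, keeps the output inside the intended directory. This only applies when `OUTPUT_TARGET` is unset. `run` starts and ends outside the hunk.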
@@ -73,7 +73,7 @@ def m_exec(session, cmd)
# Upload to the filesystem
#

tempdir = client.fs.file.expand_path("%TEMP%") + "\\" + Rex::Text.rand_text_alpha(rand(8)+8)
tempdir = client.sys.config.getenv('TEMP') + "\\" + Rex::Text.rand_text_alpha(rand(8)+8)

print_status("Creating a temporary installation directory #{tempdir}...")
client.fs.dir.mkdir(tempdir)
@@ -125,7 +125,7 @@ def write_script_to_target(target_dir,vbs)
if target_dir
tempdir = target_dir
else
tempdir = @client.fs.file.expand_path("%TEMP%")
tempdir = @client.sys.config.getenv('TEMP')
end
tempvbs = tempdir + "\\" + Rex::Text.rand_text_alpha((rand(8)+6)) + ".vbs"
fd = @client.fs.file.new(tempvbs, "wb")
@@ -39,7 +39,7 @@ def setup
if (stat and stat.directory?)
tmp = "/tmp"
else
tmp = session.fs.file.expand_path("%TEMP%")
tmp = session.sys.config.getenv('TEMP')
end
vprint_status("Setup: changing working directory to #{tmp}")
session.fs.dir.chdir(tmp)
@@ -138,7 +138,7 @@ def test_fs
else
entropy_value = ""
end

it "should return the proper directory separator" do
sysinfo = session.sys.config.sysinfo
if sysinfo["OS"] =~ /windows/i
@@ -173,7 +173,7 @@ def test_fs
end

it "should create and remove a dir" do
dir_name = "#{datastore["BaseFileName"]}-dir#{entropy_value}"
dir_name = "#{datastore["BaseFileName"]}-dir#{entropy_value}"
vprint_status("Directory Name: #{dir_name}")
session.fs.dir.rmdir(dir_name) rescue nil
res = create_directory(dir_name)
