Land rapid7#12463, Fix delimiter selection on powershell payload comm…

…ands

lib/msf/base/sessions/powershell.rb

@@ -62,11 +62,11 @@ def shell_command(cmd, timeout = 1800)
       timeout = etime - ::Time.now.to_f
 
       buff << res
-      if buff.match(/#{endm}/)
+      if buff.include?(endm)
         # if you see the end marker, read the buffer from the start marker to the end and then display back to screen
         buff = buff.split(/#{strm}\r\n/)[-1]
-        buff.gsub!(/\nPS .*>/, '')
-        buff.gsub!(/#{endm}/, '')
+        buff = buff.split(endm)[0]
+        buff.gsub!(/(?<=\r\n)PS [^>]*>/, '')
         return buff
       end
     end

lib/msf/core/session/provider/single_command_shell.rb

@@ -131,7 +131,10 @@ def shell_command_token_win32(cmd, timeout=10)
     # Send the command to the session's stdin.
     # NOTE: if the session echoes input we don't need to echo the token twice.
     shell_write(cmd + "&echo #{token}\n")
-    shell_read_until_token(token, 1, timeout)
+    res = shell_read_until_token(token, 1, timeout)
+    # I would like a better way to do this, but I don't know of one
+    res.reverse!.chomp!.reverse! # the presence of a leading newline is not consistent
+    res
   end
 
 

test/modules/post/test/cmd_exec.rb

@@ -19,49 +19,45 @@ def initialize(info = {})
   end
 
   def test_cmd_exec
+    # we are inconsistent reporting windows session types
+    windows_strings = ['windows', 'win']
     vprint_status("Starting cmd_exec tests")
 
     it "should return the result of echo" do
       test_string = Rex::Text.rand_text_alpha(4)
-      if session.platform.eql? 'windows'
+      if windows_strings.include? session.platform and session.type.eql? 'meterpreter'
+        vprint_status("meterpreter?")
         output = cmd_exec('cmd.exe', "/c echo #{test_string}")
       else
         output = cmd_exec("echo #{test_string}")
       end
       output == test_string
     end
 
-    # trying to do a sleep in windows without trashing stdout is hard
-    unless session.platform.eql? 'windows'
-      it "should return the result after sleeping" do
+    # Powershell supports this, but not windows meterpreter (unsure about windows shell)
+    if not windows_strings.include? session.platform or session.type.eql? 'powershell'
+      it "should return the full response after sleeping" do
         test_string = Rex::Text.rand_text_alpha(4)
         output = cmd_exec("sleep 1; echo #{test_string}")
         output == test_string
       end
-
       it "should return the full response after sleeping" do
         test_string = Rex::Text.rand_text_alpha(4)
         test_string2 = Rex::Text.rand_text_alpha(4)
-        if session.platform.eql? 'windows'
-          output = cmd_exec('cmd.exe', "/c echo #{test_string} & timeout 1 > null & echo #{test_string2}")
-        else
-          output = cmd_exec("echo #{test_string}; sleep 1; echo #{test_string2}")
-        end
+        output = cmd_exec("echo #{test_string}; sleep 1; echo #{test_string2}")
         output.delete("\r") == "#{test_string}\n#{test_string2}"
       end
-    end
 
-    it "should return the result of echo 10 times" do
-      10.times do
-        test_string = Rex::Text.rand_text_alpha(4)
-        if session.platform.eql? 'windows'
-          output = cmd_exec("cmd.exe", "/c echo #{test_string}")
-        else
+      it "should return the result of echo 10 times" do
+        10.times do
+          test_string = Rex::Text.rand_text_alpha(4)
           output = cmd_exec("echo #{test_string}")
+          return false unless output == test_string
         end
-        return false unless output == test_string
+        true
       end
-      true
+    else
+      vprint_status("Session does not support sleep, skipping sleep tests")
     end
     vprint_status("Finished cmd_exec tests")
   end