Land #9829, add utility functions to Msf::Post::Linux::System
Merge branch 'landing-9829' into upstream-masterGSoC/Meterpreter_Web_Console
Brendan Coles
commit
e7b8427b53
|
|
@ -102,6 +102,173 @@ module System
|
|||
return system_data
|
||||
end
|
||||
|
||||
#
|
||||
# Gathers all SUID files on the filesystem.
|
||||
# NOTE: This uses the Linux `find` command. It will most likely take a while to get all files.
|
||||
# Consider specifying a more narrow find path.
|
||||
# @param findpath The path on the system to start searching
|
||||
# @return [Array]
|
||||
def get_suid_files(findpath = '/')
|
||||
cmd_exec("find #{findpath} -perm -4000 -print -xdev").to_s.split("\n")
|
||||
rescue
|
||||
raise "Could not retrieve all SUID files"
|
||||
end
|
||||
|
||||
#
|
||||
# Gets the $PATH environment variable
|
||||
#
|
||||
def get_path
|
||||
cmd_exec('echo $PATH').to_s
|
||||
rescue
|
||||
raise "Unable to determine path"
|
||||
end
|
||||
|
||||
#
|
||||
# Gets basic information about the system's CPU.
|
||||
# @return [Hash]
|
||||
#
|
||||
def get_cpu_info
|
||||
info = {}
|
||||
orig = cmd_exec("cat /proc/cpuinfo").to_s
|
||||
cpuinfo = orig.split("\n\n")[0]
|
||||
# This is probably a more platform independent way to parse the results (compared to splitting and assigning preset indices to values)
|
||||
cpuinfo.split("\n").each do |l|
|
||||
info[:speed_mhz] = l.split(': ')[1].to_i if l.include? 'cpu MHz'
|
||||
info[:product] = l.split(': ')[1] if l.include? 'model name'
|
||||
info[:vendor] = l.split(': ')[1] if l.include? 'vendor_id'
|
||||
end
|
||||
info[:cores] = orig.split("\n\n").size
|
||||
info
|
||||
rescue
|
||||
raise "Could not get CPU information"
|
||||
end
|
||||
|
||||
#
|
||||
# Gets the hostname of the system
|
||||
# @return [String]
|
||||
#
|
||||
def get_hostname
|
||||
cmd_exec('uname -n').to_s
|
||||
rescue
|
||||
raise 'Unable to retrieve hostname'
|
||||
end
|
||||
|
||||
#
|
||||
# Gets the name of the current shell
|
||||
# @return [String]
|
||||
#
|
||||
def get_shell_name
|
||||
psout = cmd_exec('ps -p $$').to_s
|
||||
psout.split("\n").last.split(' ')[3]
|
||||
rescue
|
||||
raise 'Unable to gather shell name'
|
||||
end
|
||||
|
||||
#
|
||||
# Checks if the system has gcc installed
|
||||
# @return [Boolean]
|
||||
#
|
||||
def has_gcc?
|
||||
command_exists? 'gcc'
|
||||
rescue
|
||||
raise 'Unable to check for gcc'
|
||||
end
|
||||
|
||||
#
|
||||
# Checks if the `cmd` is installed on the system
|
||||
# @return [Boolean]
|
||||
#
|
||||
def command_exists?(cmd)
|
||||
cmd_exec("command -v #{cmd} && echo true").to_s.include? 'true'
|
||||
rescue
|
||||
raise "Unable to check if command `#{cmd}` exists"
|
||||
end
|
||||
|
||||
#
|
||||
# Gets the process id(s) of `program`
|
||||
# @return [Array]
|
||||
#
|
||||
def pidof(program)
|
||||
pids = []
|
||||
full = cmd_exec('ps aux').to_s
|
||||
full.split("\n").each do |pid|
|
||||
pids << pid.split(' ')[1].to_i if pid.include? program
|
||||
end
|
||||
pids
|
||||
end
|
||||
|
||||
#
|
||||
# Checks if `file_path` is mounted on a noexec mount point
|
||||
# @return [Boolean]
|
||||
#
|
||||
def noexec?(file_path)
|
||||
mount = cmd_exec('cat /proc/mounts').to_s
|
||||
mount_path = get_mount_path(file_path)
|
||||
mount.lines.each do |l|
|
||||
return true if l =~ Regexp.new("#{mount_path} (.*)noexec(.*)")
|
||||
end
|
||||
false
|
||||
rescue
|
||||
raise 'Unable to check for noexec volume'
|
||||
end
|
||||
|
||||
#
|
||||
# Checks if `file_path` is mounted on a nosuid mount point
|
||||
# @return [Boolean]
|
||||
#
|
||||
def nosuid?(file_path)
|
||||
mount = cmd_exec('cat /proc/mounts').to_s
|
||||
mount_path = get_mount_path(file_path)
|
||||
mount.lines.each do |l|
|
||||
return true if l =~ Regexp.new("#{mount_path} (.*)nosuid(.*)")
|
||||
end
|
||||
false
|
||||
rescue
|
||||
raise 'Unable to check for nosuid volume'
|
||||
end
|
||||
|
||||
#
|
||||
# Checks for protected hardlinks on the system
|
||||
# @return [Boolean]
|
||||
#
|
||||
def protected_hardlinks?
|
||||
read_file('/proc/sys/fs/protected_hardlinks').to_s.strip.eql? '1'
|
||||
rescue
|
||||
raise 'Could not determine protected_hardlinks status'
|
||||
end
|
||||
|
||||
#
|
||||
# Checks for protected symlinks on the system
|
||||
# @return [Boolean]
|
||||
#
|
||||
def protected_symlinks?
|
||||
read_file('/proc/sys/fs/protected_symlinks').to_s.strip.eql? '1'
|
||||
rescue
|
||||
raise 'Could not determine protected_symlinks status'
|
||||
end
|
||||
|
||||
#
|
||||
# Gets the version of glibc
|
||||
# @return [String]
|
||||
#
|
||||
def glibc_version
|
||||
raise 'glibc is not installed' unless command_exists? 'ldd'
|
||||
cmd_exec('ldd --version').scan(/^ldd\s+\(.*\)\s+([\d.]+)/).flatten.first
|
||||
rescue
|
||||
raise 'Could not determine glibc version'
|
||||
end
|
||||
|
||||
#
|
||||
# Gets the mount point of `filepath`
|
||||
# @param [String] filepath The filepath to get the mount point
|
||||
# @return [String]
|
||||
#
|
||||
def get_mount_path(filepath)
|
||||
cmd_exec("df \"#{filepath}\" | tail -1").split(' ')[5]
|
||||
rescue
|
||||
raise "Unable to get mount path of #{filepath}"
|
||||
end
|
||||
|
||||
|
||||
end # System
|
||||
end # Linux
|
||||
|
|
|
|||
Loading…
Reference in New Issue