convert persistence mkdirs to lib function

2026-05-07 14:31:12 -04:00
parent a394578488
commit 5e39ced730
8 changed files with 12 additions and 15 deletions
@@ -89,7 +89,7 @@ class MetasploitModule < Msf::Exploit::Local
    user = target_user
    home = get_home_dir(user)
    vprint_status('Making sure the autostart directory exists')
-    cmd_exec("mkdir -p #{home}/.config/autostart") # in case no autostart exists
+    mkdir("#{home}/.config/autostart", cleanup: false) # in case no autostart exists

    name = datastore['BACKDOOR_NAME'] || Rex::Text.rand_text_alpha(5..8)
    path = "#{home}/.config/autostart/#{name}.desktop"
@@ -83,13 +83,13 @@ class MetasploitModule < Msf::Exploit::Local
      @clean_up_rc << "upload #{path} #{config_file}\n"
    else
      print_status("#{config_file} does not exist, creating it")
-      cmd_exec("mkdir #{emacs_dir}") unless directory?(emacs_dir) # don't use mkdir since that auto deletes on module finish
+      mkdir(emacs_dir, cleanup: false) unless directory?(emacs_dir)
      write_file(config_file, '')
      @clean_up_rc << "rm #{config_file}\n"
    end

    unless directory?(lisp_dir)
-      cmd_exec("mkdir #{lisp_dir}")
+      cmd_exec("#{lisp_dir}", cleanup: false)
      @clean_up_rc << "rmdir #{lisp_dir}\n"
    end

@@ -185,7 +185,7 @@ class MetasploitModule < Msf::Exploit::Local
    user = target_user
    home = get_home_dir(user)
    vprint_status('Creating user service directory')
-    cmd_exec("mkdir -p #{home}/.config/systemd/user")
+    mkdir("#{home}/.config/systemd/user", cleanup: false)

    service_name = "#{home}/.config/systemd/user/#{service_filename}.service"
    vprint_status("Writing service: #{service_name}")
@@ -196,7 +196,7 @@ class MetasploitModule < Msf::Exploit::Local
    if !file_exist?(service_name)
      print_error('File not written, check permissions. Attempting secondary location')
      vprint_status('Creating user secondary service directory')
-      cmd_exec("mkdir -p #{home}/.local/share/systemd/user")
+      mkdir("#{home}/.local/share/systemd/user", cleanup: false)

      service_name = "#{home}/.local/share/systemd/user/#{service_filename}.service"
      vprint_status("Writing .local service: #{service_name}")
@@ -220,12 +220,10 @@ var ExamplePlugin = class extends import_obsidian.Plugin {
    fail_with(Failure::NotFound, 'No vaults found') if vaults.empty?
    vaults.each_value do |vault|
      print_status("Uploading plugin to vault #{vault['path']}")
-      # avoid mkdir function because that registers it for delete, and we don't want that for
-      # persistent modules
      if ['windows', 'win'].include? session.platform
-        cmd_exec("cmd.exe /c md \"#{vault['path']}\\.obsidian\\plugins\\#{plugin}\"")
+        mkdir("#{vault['path']}\\.obsidian\\plugins\\#{plugin}", cleanup: false)
      else
-        cmd_exec("mkdir -p '#{vault['path']}/.obsidian/plugins/#{plugin}/'")
+        mkdir("#{vault['path']}/.obsidian/plugins/#{plugin}", cleanup: false)
      end
      vprint_status("Uploading: #{vault['path']}/.obsidian/plugins/#{plugin}/main.js")
      write_file("#{vault['path']}/.obsidian/plugins/#{plugin}/main.js", main_js(plugin))
@@ -98,7 +98,7 @@ class MetasploitModule < Msf::Exploit::Local
    print_status("Detected Python version #{@python_version}")
    get_hooks_path unless @hooks_path

-    mkdir(@hooks_path) if session.platform == 'osx' || session.platform == 'linux'
+    mkdir(@hooks_path, cleanup: false) if session.platform == 'osx' || session.platform == 'linux'

    fail_with(Failure::NotFound, "The hooks path #{@hooks_path} does not exists") unless directory?(@hooks_path)
    # check if hooks path writable
@@ -105,7 +105,7 @@ class MetasploitModule < Msf::Exploit::Local
  # drops a LaunchAgent plist into the user's Library, which specifies to run backdoor_path
  def add_launchctl_item
    label = File.basename(backdoor_path)
-    cmd_exec("mkdir -p #{File.dirname(plist_path).shellescape}")
+    mkdir(File.dirname(plist_path).shellescape, cleanup: false) unless directory?(File.dirname(plist_path))
    # NOTE: the OnDemand key is the OSX < 10.4 equivalent of KeepAlive
    item = <<-EOF
    <?xml version="1.0" encoding="UTF-8"?>
@@ -186,7 +186,7 @@ class MetasploitModule < Msf::Exploit::Local
  # @param [String] exe the executable to drop
  def write_backdoor(exe)
    print_status('Dropping backdoor executable...')
-    cmd_exec("mkdir -p #{File.dirname(backdoor_path).shellescape}")
+    mkdir(File.dirname(backdoor_path).shellescape, cleanup: false) unless directory?(File.dirname(backdoor_path))

    if write_file(backdoor_path, exe)
      print_good("Backdoor stored to #{backdoor_path}")
@@ -84,7 +84,7 @@ class MetasploitModule < Msf::Exploit::Local
    if session.type == 'meterpreter'
      fail_with(Failure::UnexpectedReply, 'Error while creating malicious plugin directory') unless session.fs.dir.mkdir(payload_pathname)
    else
-      fail_with(Failure::UnexpectedReply, 'Error while creating malicious plugin directory') unless cmd_exec("mkdir \"#{payload_pathname}\"")
+      fail_with(Failure::UnexpectedReply, 'Error while creating malicious plugin directory') unless mkdir(payload_pathname, cleanup: false)
    end

    fail_with(Failure::UnexpectedReply, "Error writing payload to: #{payload_pathname}") unless write_file(payload_pathname + payload_name + '.dll', payload_exe)
@@ -85,9 +85,8 @@ class MetasploitModule < Msf::Exploit::Local
        print_status("#{profile_file} does not exist, creating it...")
        folders = profile_file.split('\\')[0..-2]
        folders = folders.join('\\')
-        # we can't use mkdir here because register_dir_for_cleanup gets called, and we handle our own cleanups
        unless directory?(folders)
-          cmd_exec("cmd /c \"md #{folders}\"")
+          mkdir(folders, cleanup: false)
          @clean_up_rc << "rmdir #{folders.gsub('\\', '/')}\n"
        end
        unless write_file(profile_file, '') # write empty file so we can append later