Module: Msf::Post::Linux::Priv

Includes:
Common, File
Included in:
Vcenter::Vcenter
Defined in:
lib/msf/core/post/linux/priv.rb

Instance Method Summary collapse

Methods included from File

#_append_file_powershell, #_append_file_unix_shell, #_can_echo?, #_read_file_meterpreter, #_read_file_powershell, #_read_file_powershell_fragment, #_shell_command_with_success_code, #_shell_process_with_success_code, #_unix_max_line_length, #_win_ansi_append_file, #_win_ansi_write_file, #_win_bin_append_file, #_win_bin_write_file, #_write_file_meterpreter, #_write_file_powershell, #_write_file_powershell_fragment, #_write_file_unix_shell, #append_file, #attributes, #cd, #chmod, #copy_file, #dir, #directory?, #executable?, #exist?, #expand_path, #exploit_data, #exploit_source, #file?, #file_local_write, #file_remote_digestmd5, #file_remote_digestsha1, #file_remote_digestsha2, #immutable?, #initialize, #mkdir, #pwd, #read_file, #readable?, #rename_file, #rm_f, #rm_rf, #setuid?, #stat, #upload_and_chmodx, #upload_file, #writable?, #write_file

Methods included from Common

#clear_screen, #cmd_exec, #cmd_exec_get_pid, #cmd_exec_with_result, #command_exists?, #create_process, #get_env, #get_envs, #initialize, #peer, #report_virtualization, #rhost, #rport

Instance Method Details

#binary_of_pid(pid) ⇒ String

Retrieves the binary name of a process given its PID

Parameters:

  • pid (Integer)

    the process ID

Returns:

  • (String)

    the binary name of the process



67
68
69
70
71
72
73
74
75
76
# File 'lib/msf/core/post/linux/priv.rb', line 67

def binary_of_pid(pid)
  binary = read_file("/proc/#{pid}/cmdline")
  if binary == '' # binary.empty?
    binary = read_file("/proc/#{pid}/comm")
  end
  if binary[-1] == "\n"
    binary = binary.split("\n")[0]
  end
  return binary
end

#cp_cmd(origin_file, final_file) ⇒ String

Copies the content of one file to another using a command execution

Parameters:

  • origin_file (String)

    the path to the source file

  • final_file (String)

    the path to the destination file

Returns:

  • (String)

    the output of the command



56
57
58
59
# File 'lib/msf/core/post/linux/priv.rb', line 56

def cp_cmd(origin_file, final_file)
  file_origin = read_file(origin_file)
  cmd_exec("echo '#{file_origin}' > '#{final_file}'")
end

#grep_cmd(file, string) ⇒ Array<String>

Searches for a specific string in a file and returns the lines that contain the string

Parameters:

  • file (String)

    the path to the file

  • string (String)

    the string to search for

Returns:

  • (Array<String>)

    an array containing the lines that include the specified string



184
185
186
187
188
189
190
191
192
193
194
# File 'lib/msf/core/post/linux/priv.rb', line 184

def grep_cmd(file, string)
  result = []
  lines = read_file(file).split("\n")

  lines.each do |line|
    if line.include?(string)
      result.insert(-1, line)
    end
  end
  return result
end

#head_cmd(file, nlines) ⇒ Array<String>

Returns the first ‘n` lines of a file

Parameters:

  • file (String)

    the path to the file

  • nlines (Integer)

    the number of lines to return

Returns:

  • (Array<String>)

    an array containing the first 'n` lines of the file



158
159
160
161
162
# File 'lib/msf/core/post/linux/priv.rb', line 158

def head_cmd(file, nlines)
  lines = read_file(file).split("\n")
  result = lines[0..nlines - 1]
  return result
end

#is_root?Boolean

Returns true if running as root, false if not.

Returns:

  • (Boolean)

Raises:

  • (RuntimeError)

    If execution fails.



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# File 'lib/msf/core/post/linux/priv.rb', line 16

def is_root?
  if command_exists?('id')
    user_id = cmd_exec('id -u')
    clean_user_id = user_id.to_s.gsub(/[^\d]/, '')
    if clean_user_id.empty?
      raise "Could not determine UID: #{user_id.inspect}"
    end

    return (clean_user_id == '0')
  end
  user = whoami
  data = cmd_exec('while read line; do echo $line; done </etc/passwd')
  data.each_line do |line|
    line = line.split(':')
    return true if line[0] == user && line[3].to_i == 0
  end
  false
end

#nchars_file(file) ⇒ Integer

Returns the number of characters in a file

Parameters:

  • file (String)

    the path to the file

Returns:

  • (Integer)

    the number of characters in the file



110
111
112
113
114
115
116
117
118
119
120
# File 'lib/msf/core/post/linux/priv.rb', line 110

def nchars_file(file)
  nchars = 0
  lines = read_file(file).split("\n")
  nchars = lines.length
  lines.each do |line|
    line.gsub(/ /, ' ' => '')
    nchars_line = line.length
    nchars += nchars_line
  end
  nchars
end

#nlines_file(file) ⇒ Integer

Returns the number of lines in a file

Parameters:

  • file (String)

    the path to the file

Returns:

  • (Integer)

    the number of lines in the file



145
146
147
148
149
# File 'lib/msf/core/post/linux/priv.rb', line 145

def nlines_file(file)
  lines = read_file(file).split("\n")
  nlines = lines.length
  return nlines
end

#nwords_file(file) ⇒ Integer

Returns the number of words in a file

Parameters:

  • file (String)

    the path to the file

Returns:

  • (Integer)

    the number of words in the file



128
129
130
131
132
133
134
135
136
137
# File 'lib/msf/core/post/linux/priv.rb', line 128

def nwords_file(file)
  nwords = 0
  lines = read_file(file).split("\n")
  lines.each do |line|
    words = line.split(' ')
    nwords_line = words.length
    nwords += nwords_line
  end
  return nwords
end

#seq(first, increment, last) ⇒ Array<Integer>

Generates a sequence of numbers from ‘first` to `last` with a given `increment`

Parameters:

  • first (Integer)

    the starting number of the sequence

  • increment (Integer)

    the step increment between each number in the sequence

  • last (Integer)

    the ending number of the sequence

Returns:

  • (Array<Integer>)

    an array containing the sequence of numbers



86
87
88
89
90
91
92
# File 'lib/msf/core/post/linux/priv.rb', line 86

def seq(first, increment, last)
  result = []
  (first..last).step(increment) do |i|
    result.insert(-1, i)
  end
  return result
end

#tail_cmd(file, nlines) ⇒ Array<String>

Returns the last ‘n` lines of a file

Parameters:

  • file (String)

    the path to the file

  • nlines (Integer)

    the number of lines to return

Returns:

  • (Array<String>)

    an array containing the last 'n` lines of the file



171
172
173
174
175
# File 'lib/msf/core/post/linux/priv.rb', line 171

def tail_cmd(file, nlines)
  lines = read_file(file).split("\n")
  result = lines[-1 * nlines..]
  return result
end

#touch_cmd(new_path_file) ⇒ String

Creates an empty file at the specified path using the touch command

Parameters:

  • new_path_file (String)

    the path to the new file to be created

Returns:

  • (String)

    the output of the command



45
46
47
# File 'lib/msf/core/post/linux/priv.rb', line 45

def touch_cmd(new_path_file)
  cmd_exec("> #{new_path_file}")
end

#wc_cmd(file) ⇒ Array<Integer, Integer, Integer, String>

Returns the number of lines, words, and characters in a file

Parameters:

  • file (String)

    the path to the file

Returns:

  • (Array<Integer, Integer, Integer, String>)

    an array containing the number of lines, words, characters, and the file name



100
101
102
# File 'lib/msf/core/post/linux/priv.rb', line 100

def wc_cmd(file)
  [nlines_file(file), nwords_file(file), nchars_file(file), file]
end