Module: Msf::Post::Unix

Included in:
Linux::Compile, Linux::System, Solaris::System
Defined in:
lib/msf/core/post/unix.rb

Instance Method Summary collapse

Instance Method Details

#enum_user_directoriesObject

Enumerates the user directories in /Users or /home



69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/msf/core/post/unix.rb', line 69

def enum_user_directories
  user_dirs = []

  # get all user directories from /etc/passwd
  passwd = '/etc/passwd'
  if file_exist?(passwd)
    read_file(passwd).each_line do |passwd_line|
      user_dirs << passwd_line.split(/:/)[5]
    end
  end

  # also list other common places for home directories in the event that
  # the users aren't in /etc/passwd (LDAP, for example)
  case session.platform
  when 'osx'
    user_dirs << cmd_exec('ls /Users').each_line.map { |l| "/Users/#{l}" }
  else
    user_dirs << cmd_exec('ls /home').each_line.map { |l| "/home/#{l}" }
  end

  user_dirs.flatten!
  user_dirs.compact!
  user_dirs.sort!
  user_dirs.uniq!
  user_dirs
end

#get_groupsObject

Returns an array of hashes each hash representing a user group Keys are name, gid and users



49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
 
# File 'lib/msf/core/post/unix.rb', line 49

def get_groups
  groups = []
  group = '/etc/group'
  if file_exist?(group)
    cmd_out = read_file(group).split("\n")
    cmd_out.each do |l|
      entry = {}
      user_field = l.split(":")
      entry[:name] = user_field[0]
      entry[:gid] = user_field[2]
      entry[:users] = user_field[3]
      groups << entry
    end
  end
  return groups
end

#get_usersObject

Returns an array of hashes each representing a user Keys are name, uid, gid, info, dir and shell



17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
# File 'lib/msf/core/post/unix.rb', line 17

def get_users
  users = []
  etc_passwd = nil
  [
    "/etc/passwd",
    "/etc/security/passwd",
    "/etc/master.passwd",
  ].each { |f|
    if file_exist?(f)
      etc_passwd = f
      break
    end
  }
  cmd_out = read_file(etc_passwd).split("\n")
  cmd_out.each do |l|
    entry = {}
    user_field = l.split(":")
    entry[:name] = user_field[0]
    entry[:uid] = user_field[2]
    entry[:gid] = user_field[3]
    entry[:info] = user_field[4]
    entry[:dir] = user_field[5]
    entry[:shell] = user_field[6]
    users << entry
  end
  return users
end

#is_root?Boolean

Returns true if session is running as uid=0.

Returns:

  • (Boolean)

    true if session is running as uid=0



9
10
11
 
# File 'lib/msf/core/post/unix.rb', line 9

def is_root?
  (cmd_exec('id -u').to_s.gsub(/[^\d]/, '') == '0')
end

#whoamiString

It returns the username of the current user

Returns:

  • (String)

    with username



100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
 
# File 'lib/msf/core/post/unix.rb', line 100

def whoami
  shellpid = get_session_pid()
  status = read_file("/proc/#{shellpid}/status") 
  status.each_line do |line|
    split = line.split(":")
    if split[0] == "Uid"
      regex = /.*\s(.*)\s/
      useridtmp = split[1]
      userid = useridtmp[regex, 1]
      uid = userid.to_s
      passwd = read_file("/etc/passwd")
      passwd.each_line do |line|
        parts = line.split(":")
        uid_passwd = parts[2].to_s
        user = parts[0].to_s
        if uid_passwd == uid
          return user
        end
      end
    end
  end
end