Module: Msf::Post::Unix

Included in:
Linux::Compile, Linux::System, Solaris::System
Defined in:
lib/msf/core/post/unix.rb


Instance Method Details

#enum_user_directories ⇒ Object

Enumerates the user directories in /Users or /home

# File 'lib/msf/core/post/unix.rb', line 77

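# Collects candidate home directories on the session's host.
#
# Two sources are combined: field 6 of every /etc/passwd line (when that file
# exists), and the entries printed by `ls /Users` (platform 'osx') or
# `ls /home` (any other platform), so accounts that are not in /etc/passwd
# (LDAP, for example) are still covered.
#
# Every value returned is text produced by the remote host. Treat the paths as
# untrusted data before passing them to anything that builds a command line.
#
# @return [Array<String>] sorted, de-duplicated directory paths
def enum_user_directories
  user_dirs = []

  # get all user directories from /etc/passwd
  passwd = '/etc/passwd'
  if file_exist?(passwd)
    read_file(passwd).each_line do |passwd_line|
      # A line with fewer than six fields yields nil; compact drops it below.
      user_dirs << passwd_line.split(/:/)[5]
    end
  end

  # also list the common parent of home directories for this platform
  base = session.platform == 'osx' ? '/Users' : '/home'

  # each_line keeps the line terminator, so without chomp every listed path
  # ended in "\n" and never matched the same directory taken from /etc/passwd.
  cmd_exec("ls #{base}").to_s.each_line do |entry|
    name = entry.chomp
    user_dirs << "#{base}/#{name}" unless name.empty?
  end

  user_dirs.compact.sort.uniq
end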

#get_groups ⇒ Object

Returns an array of hashes, each representing a user group. Keys are name, gid and users.

# File 'lib/msf/core/post/unix.rb', line 57

# Parses /etc/group on the session's host into one hash per line.
#
# Each hash carries :name (field 1), :gid (field 3) and :users (field 4, left
# as the raw string from the file). A field missing from a line is nil. The
# values are unvalidated text read from the remote host.
#
# @return [Array<Hash>] one entry per line, or an empty array when
#   /etc/group does not exist
def get_groups
  group_file = '/etc/group'
  return [] unless file_exist?(group_file)

  read_file(group_file).split("\n").map do |group_line|
    fields = group_line.split(":")
    { name: fields[0], gid: fields[2], users: fields[3] }
  end
end

#get_session_pid ⇒ String

Gets the pid of the current session

Returns:

  • (String)
# File 'lib/msf/core/post/unix.rb', line 17

# Asks the session's shell for a process id by running `echo $PPID`.
#
# NOTE(review): $PPID is the parent process id of the shell that expands it.
# Whether that is the session's own process depends on how cmd_exec runs the
# command, which is not visible here; confirm before relying on it.
#
# @return [String] the command output converted with to_s, not validated as
#   numeric
def get_session_pid
  ppid_output = cmd_exec("echo $PPID")
  ppid_output.to_s
end

#get_users ⇒ Object

Returns an array of hashes, each representing a user. Keys are name, uid, gid, info, dir and shell.

# File 'lib/msf/core/post/unix.rb', line 25

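# Parses the first account file found on the session's host into one hash per
# line.
#
# The candidates are probed in order and the first that exists is read. Each
# hash carries :name, :uid, :gid, :info, :dir and :shell, taken from fields
# 1, 3, 4, 5, 6 and 7 of the colon-separated line. A missing field is nil.
# The values are unvalidated text read from the remote host.
#
# NOTE(review): the field positions match the seven-field passwd(5) layout.
# The two fallback files may not share that layout, so confirm the mapping
# before trusting :info, :dir and :shell from them.
#
# @return [Array<Hash>] one entry per line, or an empty array when none of the
#   candidate files exists
def get_users
  candidates = [
    "/etc/passwd",
    "/etc/security/passwd",
    "/etc/master.passwd",
  ]
  etc_passwd = candidates.find { |f| file_exist?(f) }

  # Without this guard a host with none of the files reached read_file(nil).
  # Returning an empty list matches what get_groups does for a missing file.
  return [] unless etc_passwd

  read_file(etc_passwd).split("\n").map do |l|
    user_field = l.split(":")
    {
      name: user_field[0],
      uid: user_field[2],
      gid: user_field[3],
      info: user_field[4],
      dir: user_field[5],
      shell: user_field[6]
    }
  end
end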

#is_root? ⇒ Boolean

Returns true if session is running as uid=0.

Returns:

  • (Boolean)

    true if session is running as uid=0

# File 'lib/msf/core/post/unix.rb', line 9

# Reports whether `id -u` on the session's host prints uid 0.
#
# Every character that is not a digit is stripped from the command output
# before the comparison, so surrounding whitespace or other noise is ignored.
#
# NOTE(review): because only the digits are compared, any output whose digits
# reduce to a single "0" (an error message containing one zero, for instance)
# is also reported as root. Callers that gate a decision on this result may
# want a stricter check.
#
# @return [Boolean] true when the digits in the output are exactly "0"
def is_root?
  uid_digits = cmd_exec('id -u').to_s.gsub(/[^\d]/, '')
  uid_digits == '0'
end

#whoami ⇒ String

It returns the username of the current user

Returns:

  • (String)

    with username

# File 'lib/msf/core/post/unix.rb', line 108

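# Resolves the session's user name from /proc and /etc/passwd.
#
# Reads /proc/<pid>/status for the pid reported by get_session_pid, takes the
# last whitespace-delimited value on the "Uid" line, and returns the name of
# the first /etc/passwd entry whose third field equals that value.
#
# NOTE(review): this needs a /proc/<pid>/status file with a "Uid:" line. The
# module is also mixed into Solaris::System, so confirm the lookup works there.
# Both files are read from the remote host; treat the result as untrusted text.
#
# @return [String, nil] the matching user name, or nil when the uid cannot be
#   read or has no /etc/passwd entry
def whoami
  shellpid = get_session_pid
  # to_s guards against a non-String result when the status file is unreadable.
  status = read_file("/proc/#{shellpid}/status").to_s
  passwd = nil

  status.each_line do |status_line|
    fields = status_line.split(":")
    next unless fields[0] == "Uid"

    uid = fields[1].to_s[/.*\s(.*)\s/, 1].to_s
    # An empty uid would otherwise equal the missing uid field of a malformed
    # passwd line and return that line's first field as the user name.
    next if uid.empty?

    # Read the account file once, and only when a uid was actually found.
    passwd ||= read_file("/etc/passwd").to_s
    passwd.each_line do |passwd_line|
      parts = passwd_line.split(":")
      return parts[0].to_s if parts[2].to_s == uid
    end
  end

  # The original fell off the end of each_line here and returned the raw
  # status text as if it were a user name.
  nil
end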