Module: Msf::Post::Linux::BusyBox

Includes:
Common, File
Defined in:
lib/msf/core/post/linux/busy_box.rb

Instance Method Summary collapse

Methods included from File

#_append_file_powershell, #_append_file_unix_shell, #_can_echo?, #_read_file_meterpreter, #_read_file_powershell, #_read_file_powershell_fragment, #_shell_command_with_success_code, #_shell_process_with_success_code, #_unix_max_line_length, #_win_ansi_append_file, #_win_ansi_write_file, #_win_bin_append_file, #_win_bin_write_file, #_write_file_meterpreter, #_write_file_powershell, #_write_file_powershell_fragment, #_write_file_unix_shell, #append_file, #attributes, #cd, #chmod, #copy_file, #dir, #directory?, #executable?, #exist?, #expand_path, #exploit_data, #exploit_source, #file?, #file_local_write, #file_remote_digestmd5, #file_remote_digestsha1, #file_remote_digestsha2, #immutable?, #initialize, #mkdir, #pwd, #read_file, #readable?, #rename_file, #rm_f, #rm_rf, #setuid?, #stat, #upload_and_chmodx, #upload_file, #writable?, #write_file

Methods included from Common

#clear_screen, #cmd_exec, #cmd_exec_get_pid, #cmd_exec_with_result, #command_exists?, #create_process, #get_env, #get_envs, #initialize, #peer, #report_virtualization, #rhost, #rport

Instance Method Details

#busy_box_file_exist?(file_path) ⇒ Boolean

Note:

Msf::Post::File#file? doesnt work because test -f is not available in busybox

Checks if the file exists in the target

Parameters:

  • file_path (String)

    the target file path

Returns:

  • (Boolean)

    true if files exists, false otherwise

[View source] [View on GitHub]

17
18
19
20
21
22
23
24
 
# File 'lib/msf/core/post/linux/busy_box.rb', line 17

def busy_box_file_exist?(file_path)
  contents = read_file(file_path)
  if contents.nil? || contents.empty?
    return false
  end

  true
end

#busy_box_is_writable_dir?(dir_path) ⇒ Boolean

Checks if the directory is writable in the target

Parameters:

  • dir_path (String)

    the target directory path

Returns:

  • (Boolean)

    true if target directory is writable, false otherwise

[View source] [View on GitHub]

30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/msf/core/post/linux/busy_box.rb', line 30

def busy_box_is_writable_dir?(dir_path)
  res = false
  rand_str = Rex::Text.rand_text_alpha(16)
  file_path = "#{dir_path}/#{rand_str}"

  cmd_exec("echo #{rand_str}XXX#{rand_str} > #{file_path}")
  Rex::sleep(0.3)
  rcv = read_file(file_path)

  if rcv.include?("#{rand_str}XXX#{rand_str}")
    res = true
  end

  cmd_exec("rm -f #{file_path}")
  Rex::sleep(0.3)

  res
end

#busy_box_writable_dirString

Checks some directories that usually are writable in devices running busybox

Returns:

  • (String)

    If the function finds a writable directory, it returns the path. Else it returns nil

[View source] [View on GitHub]

51
52
53
54
55
56
57
58
59
 
# File 'lib/msf/core/post/linux/busy_box.rb', line 51

def busy_box_writable_dir
  dirs = %w(/etc/ /mnt/ /var/ /var/tmp/)

  dirs.each do |d|
    return d if busy_box_is_writable_dir?(d)
  end

  nil
end

#busy_box_write_file(file_path, data, prepend = false) ⇒ Boolean

Note:

BusyBox commands are limited and Msf::Post::File#write_file doesn't work here, because of it is necessary to implement an specific method.

Writes data to a file

Parameters:

  • file_path (String)

    the file path to write on the target

  • data (String)

    the content to be written

  • prepend (Boolean) (defaults to: false)

    if true, prepend the data to the target file. Otherwise, overwrite the target file

Returns:

  • (Boolean)

    true if target file is writable and it was written. Otherwise, false.

[View source] [View on GitHub]

71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
 
# File 'lib/msf/core/post/linux/busy_box.rb', line 71

def busy_box_write_file(file_path, data, prepend = false)
  if prepend
    dir = busy_box_writable_dir
    return false unless dir
    cmd_exec("cp -f #{file_path} #{dir}tmp")
    Rex::sleep(0.3)
  end

  rand_str = Rex::Text.rand_text_alpha(16)
  cmd_exec("echo #{rand_str} > #{file_path}")
  Rex::sleep(0.3)

  unless read_file(file_path).include?(rand_str)
    return false
  end

  cmd_exec("echo \"\"> #{file_path}")
  Rex::sleep(0.3)

  lines = data.lines.map(&:chomp)
  lines.each do |line|
    cmd_exec("echo #{line.chomp} >> #{file_path}")
    Rex::sleep(0.3)
  end

  if prepend
    cmd_exec("cat #{dir}tmp >> #{file_path}")
    Rex::sleep(0.3)

    cmd_exec("rm -f #{dir}tmp")
    Rex::sleep(0.3)
  end

  true
end