Module: Msf::Post::Linux::Priv
Instance Method Summary
collapse
Methods included from Common
#clear_screen, #cmd_exec, #cmd_exec_get_pid, #cmd_exec_with_result, #command_exists?, #create_process, #get_env, #get_envs, #initialize, #peer, #report_virtualization, #rhost, #rport
Instance Method Details
#binary_of_pid(pid) ⇒ Object
44
45
46
47
48
49
50
51
52
53
|
# File 'lib/msf/core/post/linux/priv.rb', line 44
def binary_of_pid(pid)
binary = read_file("/proc/#{pid}/cmdline")
if binary == "" binary = read_file("/proc/#{pid}/comm")
end
if binary[-1] == "\n"
binary = binary.split("\n")[0]
end
return binary
end
|
#cp_cmd(origin_file, final_file) ⇒ Object
39
40
41
42
|
# File 'lib/msf/core/post/linux/priv.rb', line 39
def cp_cmd(origin_file, final_file)
file_origin = read_file(origin_file)
cmd_exec("echo '#{file_origin}' > #{final_file}")
end
|
#grep_cmd(file, string) ⇒ Object
108
109
110
111
112
113
114
115
116
117
118
|
# File 'lib/msf/core/post/linux/priv.rb', line 108
def grep_cmd(file, string)
result = []
lines = read_file(file).split("\n")
lines.each do |line|
if line.include?(string)
result.insert(-1, line)
end
end
return result
end
|
#head_cmd(file, nlines) ⇒ Object
96
97
98
99
100
|
# File 'lib/msf/core/post/linux/priv.rb', line 96
def head_cmd(file, nlines)
lines = read_file(file).split("\n")
result = lines[0..nlines-1]
return result
end
|
#is_root? ⇒ Boolean
Returns true if running as root, false if not.
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
# File 'lib/msf/core/post/linux/priv.rb', line 13
def is_root?
if command_exists?('id')
user_id = cmd_exec('id -u')
clean_user_id = user_id.to_s.gsub(/[^\d]/, '')
if clean_user_id.empty?
raise "Could not determine UID: #{user_id.inspect}"
end
return (clean_user_id == '0')
end
user = whoami
data = cmd_exec('while read line; do echo $line; done </etc/passwd')
data.each_line do |line|
line = line.split(':')
return true if line[0] == user && line[3].to_i == 0
end
false
end
|
#nchars_file(file) ⇒ Object
67
68
69
70
71
72
73
74
75
76
77
|
# File 'lib/msf/core/post/linux/priv.rb', line 67
def nchars_file(file)
nchars = 0
lines = read_file(file).split("\n")
nchars = lines.length()
lines.each do |line|
line.gsub(/[ ]/, ' ' => '')
nchars_line = line.length()
nchars = nchars + nchars_line
end
return nchars
end
|
#nlines_file(file) ⇒ Object
90
91
92
93
94
|
# File 'lib/msf/core/post/linux/priv.rb', line 90
def nlines_file(file)
lines = read_file(file).split("\n")
nlines = lines.length()
return nlines
end
|
#nwords_file(file) ⇒ Object
79
80
81
82
83
84
85
86
87
88
|
# File 'lib/msf/core/post/linux/priv.rb', line 79
def nwords_file(file)
nwords = 0
lines = read_file(file).split("\n")
lines.each do |line|
words = line.split(" ")
nwords_line = words.length()
nwords = nwords + nwords_line
end
return nwords
end
|
#seq(first, increment, last) ⇒ Object
55
56
57
58
59
60
61
|
# File 'lib/msf/core/post/linux/priv.rb', line 55
def seq(first, increment, last)
result = []
(first..last).step(increment) do |i|
result.insert(-1, i)
end
return result
end
|
#tail_cmd(file, nlines) ⇒ Object
102
103
104
105
106
|
# File 'lib/msf/core/post/linux/priv.rb', line 102
def tail_cmd(file, nlines)
lines = read_file(file).split("\n")
result = lines[-1*(nlines)..-1]
return result
end
|
#touch_cmd(new_path_file) ⇒ Object
Multiple functions to simulate native commands added
35
36
37
|
# File 'lib/msf/core/post/linux/priv.rb', line 35
def touch_cmd(new_path_file)
cmd_exec("> #{new_path_file}")
end
|
#wc_cmd(file) ⇒ Object
63
64
65
|
# File 'lib/msf/core/post/linux/priv.rb', line 63
def wc_cmd(file)
[nlines_file(file), nwords_file(file), nchars_file(file), file]
end
|