Module: Msf::Post::Solaris::System

Includes:
Common, File, Unix
Defined in:
lib/msf/core/post/solaris/system.rb

Instance Method Summary

Methods included from Unix

#enum_user_directories, #get_groups, #get_users, #is_root?, #whoami

Methods included from File

#_read_file_meterpreter, #_unix_max_line_length, #_write_file_unix_shell, #append_file, #attributes, #cd, #chmod, #dir, #directory?, #executable?, #exist?, #expand_path, #exploit_data, #file?, #file_local_write, #file_remote_digestmd5, #file_remote_digestsha1, #file_remote_digestsha2, #immutable?, #mkdir, #pwd, #read_file, #readable?, #rename_file, #rm_f, #rm_rf, #setuid?, #upload_and_chmodx, #upload_file, #writable?, #write_file

Methods included from Common

#clear_screen, #cmd_exec, #cmd_exec_get_pid, #command_exists?, #get_env, #get_envs, #has_pid?, #peer, #report_virtualization, #rhost, #rport

Instance Method Details

#get_cpu_info ⇒ Hash

Gets basic information about the system's CPU.

Returns:

  • (Hash)

# File 'lib/msf/core/post/solaris/system.rb', line 71

# Collects a few CPU facts by parsing the output of `kstat -m cpu_info -p`
# run through cmd_exec.
#
# Every output line is checked for four statistic names (substring match on
# the whole line). For a matching line the value is the second tab-separated
# piece of the line's fourth colon-separated field. If several lines match
# the same name, the last one wins.
#
# @return [Hash] whichever of :speed_mhz (Integer), :product (String),
#   :vendor (String) and :cores (Integer) were found; empty if nothing matched
# @raise [RuntimeError] "Could not get CPU information" if the command or
#   the parsing raises a StandardError
def get_cpu_info
  # [substring to look for, result key, convert to Integer?]
  wanted = [
    ['clock_MHz',      :speed_mhz, true],
    ['brand',          :product,   false],
    ['vendor_id',      :vendor,    false],
    ['ncore_per_chip', :cores,     true]
  ]

  cpu = {}
  cmd_exec('kstat -m cpu_info -p').to_s.split("\n").each do |line|
    wanted.each do |needle, key, numeric|
      next unless line.include?(needle)

      # Parsing by field name rather than by fixed line position keeps this
      # independent of the order in which kstat prints the statistics.
      raw = line.split(':')[3].split("\t")[1]
      cpu[key] = numeric ? raw.to_i : raw
    end
  end
  return cpu
rescue
  raise "Could not get CPU information"
end

#get_hostname ⇒ String

Gets the hostname of the system

Returns:

  • (String)

# File 'lib/msf/core/post/solaris/system.rb', line 91

# Asks the session for its node name by running `uname -n` through cmd_exec.
#
# @return [String] the command output converted with #to_s (not stripped here)
# @raise [RuntimeError] 'Unable to retrieve hostname' if cmd_exec raises a
#   StandardError
def get_hostname
  begin
    node_name = cmd_exec('uname -n')
    node_name.to_s
  rescue StandardError
    raise 'Unable to retrieve hostname'
  end
end

#get_mount_path(filepath) ⇒ String

Gets the mount point of `filepath`

Parameters:

  • filepath (String)

    The filepath to get the mount point

Returns:

  • (String)

# File 'lib/msf/core/post/solaris/system.rb', line 139

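# Gets the mount point of `filepath` by running `df` on it through cmd_exec
# and taking the first whitespace-separated field of the last output line.
#
# The path is shell-escaped before it is placed in the command line. Wrapping
# it in double quotes is not enough: the shell still expands `$`, backticks
# and an embedded `"` inside them, so a path containing those characters
# would alter the command that runs on the session instead of being handed
# to `df` as one literal argument.
#
# @param filepath [String] the path to look up
# @return [String, nil] the first field of the last `df` line; nil if the
#   command printed nothing
# @raise [RuntimeError] "Unable to get mount path of <filepath>" if the
#   command or the parsing raises a StandardError
def get_mount_path(filepath)
  # Shellwords is standard library; required here so the method does not
  # depend on another file having loaded it first.
  require 'shellwords'

  quoted_path = Shellwords.escape(filepath.to_s)
  cmd_exec("df #{quoted_path} | tail -1").split(' ')[0]
rescue
  raise "Unable to get mount path of #{filepath}"
end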

#get_path ⇒ Object

Gets the $PATH environment variable


# File 'lib/msf/core/post/solaris/system.rb', line 61

# Reads the session shell's $PATH by running `echo $PATH` through cmd_exec.
#
# @return [String] the command output converted with #to_s
# @raise [RuntimeError] "Unable to determine path" if cmd_exec raises a
#   StandardError
def get_path
  begin
    search_path = cmd_exec('echo $PATH')
    search_path.to_s
  rescue StandardError
    raise "Unable to determine path"
  end
end

#get_shell_name ⇒ String

Gets the name of the current shell

Returns:

  • (String)

# File 'lib/msf/core/post/solaris/system.rb', line 101

# Determines the current shell from `ps -p $$` run through cmd_exec: the
# fourth whitespace-separated field of the last output line is returned.
#
# @return [String, nil] that field, or nil if the last line has fewer than
#   four fields
# @raise [RuntimeError] 'Unable to gather shell name' if the command raises
#   a StandardError or prints nothing to parse
def get_shell_name
  begin
    listing = cmd_exec('ps -p $$').to_s
    final_row = listing.split("\n").last
    # final_row is nil for empty output; the resulting NoMethodError is
    # converted into the RuntimeError below.
    columns = final_row.split(' ')
    columns[3]
  rescue StandardError
    raise 'Unable to gather shell name'
  end
end

#get_suid_files(findpath = '/') ⇒ Array

Gathers all SUID files on the filesystem. NOTE: This uses the Linux `find` command. It will most likely take a while to get all files. Consider specifying a narrower find path.

Parameters:

  • findpath (defaults to: '/')

    The path on the system to start searching

Returns:

  • (Array)

# File 'lib/msf/core/post/solaris/system.rb', line 51

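# Lists setuid files below `findpath` by running
# `find <findpath> -perm -4000 -print -xdev` through cmd_exec.
#
# `findpath` is shell-escaped and therefore treated as ONE literal starting
# directory. Interpolating it unquoted let whitespace split it into several
# arguments and let shell metacharacters in it change the command that runs
# on the session.
#
# Output lines containing 'Permission denied' are dropped from the result.
#
# @param findpath [String] directory to start searching from (default '/')
# @return [Array<String>] the remaining output lines
# @raise [RuntimeError] "Could not retrieve all SUID files" if the command
#   or the filtering raises a StandardError
def get_suid_files(findpath = '/')
  # Shellwords is standard library; required here so the method does not
  # depend on another file having loaded it first.
  require 'shellwords'

  start_dir = Shellwords.escape(findpath.to_s)
  listing = cmd_exec("find #{start_dir} -perm -4000 -print -xdev").to_s.split("\n")
  listing.reject { |line| line.include?('Permission denied') }
rescue
  raise "Could not retrieve all SUID files"
end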

#get_sysinfo ⇒ Object

Returns a Hash containing Distribution Name, Version and Kernel Information


# File 'lib/msf/core/post/solaris/system.rb', line 18

# Gathers release and kernel details and records the host via report_host.
#
# Runs `uname -a` through cmd_exec and reads the first line of /etc/release
# through read_file. The host record passed to report_host always carries
# :host (rhost), :os_name ('Solaris') and :name (second field of the uname
# output); :os_flavor ("major.minor") is added only when one of the release
# patterns below matches.
#
# There is no rescue here: an error from cmd_exec/read_file, or a nil result
# from either, propagates to the caller.
#
# @return [Hash] :version (first line of /etc/release, stripped),
#   :kernel (raw `uname -a` output) and :hostname
def get_sysinfo
  uname_output = cmd_exec("uname -a")
  release_line = read_file("/etc/release").split("\n")[0].strip

  system_data = {
    version: release_line,
    kernel: uname_output,
    hostname: uname_output.split(" ")[1]
  }

  host_info = {
    host: rhost,
    os_name: 'Solaris',
    name: system_data[:hostname]
  }

  # Tried in order; the first pattern that matches decides :os_flavor.
  # Test cases for these can be found here:
  #    http://rubular.com/r/MsGuhp89F0
  #    http://rubular.com/r/DWKG0jpPCk
  #    http://rubular.com/r/EjiIa1RFxB
  # NOTE(review): in the first pattern `[x|s]` is a character class, so it
  # accepts a literal '|' as well as 'x' or 's' - confirm that is intended.
  release_patterns = [
    /(?<OS>(?<!Open|Oracle )Solaris).+s2?(?<major>\d?\d)[x|s]?(_u)(?<minor>\d?\d)/,
    /(?<OS>Oracle Solaris) (?<major>\d\d)\.(?<minor>\d?\d)/,
    /(?<OS>OpenSolaris|OpenIndiana [\w]+) (?<major>\d\d\d\d)\.(?<minor>\d\d)/
  ]

  release_patterns.each do |pattern|
    found = pattern.match(system_data[:version])
    next unless found

    host_info[:os_flavor] = "#{found[:major]}.#{found[:minor]}"
    break
  end

  report_host(host_info)
  return system_data
end

#has_gcc? ⇒ Boolean

Checks if the system has gcc installed

Returns:

  • (Boolean)

# File 'lib/msf/core/post/solaris/system.rb', line 112

# Checks whether gcc is available, trying the bare command name first and
# then three fixed install locations. Checking stops at the first hit.
#
# @return [Object] the first truthy result of command_exists?, otherwise the
#   result of the last check
# @raise [RuntimeError] 'Unable to check for gcc' if command_exists? raises
#   a StandardError
def has_gcc?
  candidates = [
    'gcc',
    '/usr/sfw/bin/gcc', # default gcc path on some systems
    '/opt/sfw/bin/gcc', # default gcc path for gcc package
    '/opt/csw/bin/gcc'  # default gcc path for OpenCSW gcc package
  ]

  outcome = nil
  candidates.each do |candidate|
    outcome = command_exists?(candidate)
    break if outcome
  end
  outcome
rescue
  raise 'Unable to check for gcc'
end

#pidof(program) ⇒ Array

Gets the process id(s) of `program`

Returns:

  • (Array)

# File 'lib/msf/core/post/solaris/system.rb', line 125

# Gets the process id(s) of `program` from `ps -elf` run through cmd_exec.
#
# A line is selected when it contains `program` anywhere (plain substring
# test on the whole line), and the fourth whitespace-separated field of each
# selected line is converted with #to_i.
# NOTE(review): because the whole line is searched, a match in another
# column (for example the user name or an argument) is counted too - callers
# that need exact process names should verify the result.
#
# @param program [String] text to look for in each `ps` line
# @return [Array<Integer>] one entry per matching line; empty if none match
def pidof(program)
  ps_rows = cmd_exec('ps -elf').to_s.split("\n")
  ps_rows
    .select { |row| row.include?(program) }
    .map { |row| row.split(' ')[3].to_i }
end