Module: Msf::Post::Solaris::System

Includes:
Common, File, Unix
Defined in:
lib/msf/core/post/solaris/system.rb

Instance Method Summary collapse

Methods included from Unix

#enum_user_directories, #get_groups, #get_session_pid, #get_users, #is_root?, #whoami

Methods included from File

#_append_file_powershell, #_append_file_unix_shell, #_can_echo?, #_read_file_meterpreter, #_read_file_powershell, #_read_file_powershell_fragment, #_shell_command_with_success_code, #_shell_process_with_success_code, #_unix_max_line_length, #_win_ansi_append_file, #_win_ansi_write_file, #_win_bin_append_file, #_win_bin_write_file, #_write_file_meterpreter, #_write_file_powershell, #_write_file_powershell_fragment, #_write_file_unix_shell, #append_file, #attributes, #cd, #chmod, #copy_file, #dir, #directory?, #executable?, #exist?, #expand_path, #exploit_data, #exploit_source, #file?, #file_local_write, #file_remote_digestmd5, #file_remote_digestsha1, #file_remote_digestsha2, #immutable?, #initialize, #mkdir, #pwd, #read_file, #readable?, #rename_file, #rm_f, #rm_rf, #setuid?, #stat, #upload_and_chmodx, #upload_file, #writable?, #write_file

Methods included from Common

#clear_screen, #cmd_exec, #cmd_exec_get_pid, #cmd_exec_with_result, #command_exists?, #create_process, #get_env, #get_envs, #initialize, #peer, #report_virtualization, #rhost, #rport

Instance Method Details

#get_cpu_infoHash

Gets basic information about the system’s CPU.

Returns:

  • (Hash) 


67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'lib/msf/core/post/solaris/system.rb', line 67

def get_cpu_info
  info = {}
  orig = cmd_exec('kstat -m cpu_info -p').to_s
  cpuinfo = orig.split("\n")
  # This is probably a more platform independent way to parse the results (compared to splitting and assigning preset indices to values)
  cpuinfo.each do |l|
    info[:speed_mhz]   = l.split(':')[3].split("\t")[1].to_i if l.include? 'clock_MHz'
    info[:product]     = l.split(':')[3].split("\t")[1]      if l.include? 'brand'
    info[:vendor]      = l.split(':')[3].split("\t")[1]      if l.include? 'vendor_id'
    info[:cores]       = l.split(':')[3].split("\t")[1].to_i if l.include? 'ncore_per_chip'
  end
  return info
rescue
  raise "Could not get CPU information"
end

#get_hostnameString

Gets the hostname of the system

Returns:

  • (String) 


87
88
89
90
91
 
# File 'lib/msf/core/post/solaris/system.rb', line 87

def get_hostname
  cmd_exec('uname -n').to_s
rescue
  raise 'Unable to retrieve hostname'
end

#get_mount_path(filepath) ⇒ String

Gets the mount point of ‘filepath`

Parameters:

  • filepath (String)

    The filepath to get the mount point

Returns:

  • (String) 


122
123
124
125
126
 
# File 'lib/msf/core/post/solaris/system.rb', line 122

def get_mount_path(filepath)
  cmd_exec("df \"#{filepath}\" | tail -1").split(' ')[0]
rescue
  raise "Unable to get mount path of #{filepath}"
end

#get_pathObject

Gets the $PATH environment variable



57
58
59
60
61
 
# File 'lib/msf/core/post/solaris/system.rb', line 57

def get_path
  cmd_exec('echo $PATH').to_s
rescue
  raise "Unable to determine path"
end

#get_shell_nameString

Gets the name of the current shell

Returns:

  • (String) 


97
98
99
100
101
102
 
# File 'lib/msf/core/post/solaris/system.rb', line 97

def get_shell_name
  psout = cmd_exec('ps -p $$').to_s
  psout.split("\n").last.split(' ')[3]
rescue
  raise 'Unable to gather shell name'
end

#get_suid_files(findpath = '/') ⇒ Array

Gathers all SUID files on the filesystem. NOTE: This uses the Linux ‘find` command. It will most likely take a while to get all files. Consider specifying a more narrow find path.

Parameters:

  • findpath (defaults to: '/')

    The path on the system to start searching

Returns:

  • (Array) 


47
48
49
50
51
52
 
# File 'lib/msf/core/post/solaris/system.rb', line 47

def get_suid_files(findpath = '/')
  out = cmd_exec("find #{findpath} -perm -4000 -print -xdev").to_s.split("\n")
  out.delete_if {|i| i.include?'Permission denied'}
rescue
  raise "Could not retrieve all SUID files"
end

#get_sysinfoObject

Returns a Hash containing Distribution Name, Version and Kernel Information



14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
 
# File 'lib/msf/core/post/solaris/system.rb', line 14

def get_sysinfo
  system_data = {}
  kernel_version = cmd_exec("uname -a")
  version = read_file("/etc/release").split("\n")[0].strip
  system_data[:version] = version
  system_data[:kernel] = kernel_version
  system_data[:hostname] = kernel_version.split(" ")[1]
  host_info = {
    :host => rhost,
    :os_name => 'Solaris',
    :name => system_data[:hostname]
  }
  # Test cases for these can be found here:
  #    http://rubular.com/r/MsGuhp89F0
  #    http://rubular.com/r/DWKG0jpPCk
  #    http://rubular.com/r/EjiIa1RFxB
  if /(?<OS>(?<!Open|Oracle )Solaris).+s2?(?<major>\d?\d)[x|s]?(_u)(?<minor>\d?\d)/ =~ system_data[:version]
    host_info[:os_flavor] = "#{major}.#{minor}"
  elsif /(?<OS>Oracle Solaris) (?<major>\d\d)\.(?<minor>\d?\d)/ =~ system_data[:version]
    host_info[:os_flavor] = "#{major}.#{minor}"
  elsif /(?<OS>OpenSolaris|OpenIndiana [\w]+) (?<major>\d\d\d\d)\.(?<minor>\d\d)/ =~ system_data[:version]
    host_info[:os_flavor] = "#{major}.#{minor}"
  end
  report_host(host_info)
  return system_data
end

#has_gcc?Boolean

Checks if the system has gcc installed

Returns:

  • (Boolean) 


108
109
110
111
112
113
114
115
 
# File 'lib/msf/core/post/solaris/system.rb', line 108

def has_gcc?
  # /usr/sfw/bin - default gcc path on some systems
  # /opt/sfw/bin - default gcc path for gcc package
  # /opt/csw/bin - default gcc path for OpenCSW gcc package
  command_exists?('gcc') || command_exists?('/usr/sfw/bin/gcc') || command_exists?('/opt/sfw/bin/gcc') || command_exists?('/opt/csw/bin/gcc')
rescue
  raise 'Unable to check for gcc'
end