|
1 | 1 | # -*- coding: binary -*- |
2 | 2 |
|
| 3 | +require 'rex' |
3 | 4 |
|
4 | 5 | module Msf |
5 | | -class Post |
6 | | -module Linux |
7 | | -module BusyBox |
8 | | - |
9 | | - include ::Msf::Post::Common |
10 | | - include ::Msf::Post::File |
11 | | - |
12 | | - # Checks if the file exists in the target |
13 | | - # |
14 | | - # @param file_path [String] the target file path |
15 | | - # @return [Boolean] true if files exists, false otherwise |
16 | | - # @note Msf::Post::File#file? doesnt work because test -f is not available in busybox |
17 | | - def busy_box_file_exist?(file_path) |
18 | | - contents = read_file(file_path) |
19 | | - if contents.nil? || contents.empty? |
20 | | - return false |
| 6 | + class Post |
| 7 | + module Linux |
| 8 | + module BusyBox |
| 9 | + include ::Msf::Post::Common |
| 10 | + include ::Msf::Post::File |
| 11 | + |
| 12 | + # |
| 13 | + # Checks if the file exists in the target |
| 14 | + # |
| 15 | + # @param file_path [String] the target file path |
| 16 | + # @return [Boolean] true if files exists, false otherwise |
| 17 | + # @note Msf::Post::File#file? doesnt work because test -f is not available in busybox |
| 18 | + # |
| 19 | + def busy_box_file_exist?(file_path) |
| 20 | + contents = read_file(file_path) |
| 21 | + if contents.nil? || contents.empty? |
| 22 | + return false |
| 23 | + end |
| 24 | + |
| 25 | + true |
| 26 | + end |
| 27 | + |
| 28 | + # |
| 29 | + # Checks if the directory is writable in the target |
| 30 | + # |
| 31 | + # @param dir_path [String] the target directory path |
| 32 | + # @return [Boolean] true if target directory is writable, false otherwise |
| 33 | + # |
| 34 | + def busy_box_is_writable_dir?(dir_path) |
| 35 | + res = false |
| 36 | + rand_str = Rex::Text.rand_text_alpha(16) |
| 37 | + file_path = "#{dir_path}/#{rand_str}" |
| 38 | + |
| 39 | + cmd_exec("echo #{rand_str}XXX#{rand_str} > #{file_path}") |
| 40 | + Rex.sleep(0.3) |
| 41 | + rcv = read_file(file_path) |
| 42 | + |
| 43 | + if rcv.include?("#{rand_str}XXX#{rand_str}") |
| 44 | + res = true |
| 45 | + end |
| 46 | + |
| 47 | + cmd_exec("rm -f #{file_path}") |
| 48 | + Rex.sleep(0.3) |
| 49 | + |
| 50 | + res |
| 51 | + end |
| 52 | + |
| 53 | + # |
| 54 | + # Checks some directories that usually are writable in devices running busybox |
| 55 | + # |
| 56 | + # @return [String] If the function finds a writable directory, it returns the path. Else it returns nil |
| 57 | + # |
| 58 | + def busy_box_writable_dir |
| 59 | + dirs = %w[/etc/ /mnt/ /var/ /var/tmp/] |
| 60 | + |
| 61 | + dirs.each do |d| |
| 62 | + return d if busy_box_is_writable_dir?(d) |
| 63 | + end |
| 64 | + |
| 65 | + nil |
| 66 | + end |
| 67 | + |
| 68 | + # |
| 69 | + # Writes data to a file |
| 70 | + # |
| 71 | + # @param file_path [String] the file path to write on the target |
| 72 | + # @param data [String] the content to be written |
| 73 | + # @param prepend [Boolean] if true, prepend the data to the target file. Otherwise, overwrite |
| 74 | + # the target file |
| 75 | + # @return [Boolean] true if target file is writable and it was written. Otherwise, false. |
| 76 | + # @note BusyBox commands are limited and Msf::Post::File#write_file doesn't work here, because |
| 77 | + # of it is necessary to implement an specific method. |
| 78 | + # |
| 79 | + def busy_box_write_file(file_path, data, prepend = false) |
| 80 | + if prepend |
| 81 | + dir = busy_box_writable_dir |
| 82 | + return false unless dir |
| 83 | + |
| 84 | + cmd_exec("cp -f #{file_path} #{dir}tmp") |
| 85 | + Rex.sleep(0.3) |
| 86 | + end |
| 87 | + |
| 88 | + rand_str = Rex::Text.rand_text_alpha(16) |
| 89 | + cmd_exec("echo #{rand_str} > #{file_path}") |
| 90 | + Rex.sleep(0.3) |
| 91 | + |
| 92 | + unless read_file(file_path).include?(rand_str) |
| 93 | + return false |
| 94 | + end |
| 95 | + |
| 96 | + cmd_exec("echo \"\"> #{file_path}") |
| 97 | + Rex.sleep(0.3) |
| 98 | + |
| 99 | + lines = data.lines.map(&:chomp) |
| 100 | + lines.each do |line| |
| 101 | + cmd_exec("echo #{line.chomp} >> #{file_path}") |
| 102 | + Rex.sleep(0.3) |
| 103 | + end |
| 104 | + |
| 105 | + if prepend |
| 106 | + cmd_exec("cat #{dir}tmp >> #{file_path}") |
| 107 | + Rex.sleep(0.3) |
| 108 | + |
| 109 | + cmd_exec("rm -f #{dir}tmp") |
| 110 | + Rex.sleep(0.3) |
| 111 | + end |
| 112 | + |
| 113 | + true |
| 114 | + end |
| 115 | + end |
21 | 116 | end |
22 | | - |
23 | | - true |
24 | | - end |
25 | | - |
26 | | - # Checks if the directory is writable in the target |
27 | | - # |
28 | | - # @param dir_path [String] the target directory path |
29 | | - # @return [Boolean] true if target directory is writable, false otherwise |
30 | | - def busy_box_is_writable_dir?(dir_path) |
31 | | - res = false |
32 | | - rand_str = Rex::Text.rand_text_alpha(16) |
33 | | - file_path = "#{dir_path}/#{rand_str}" |
34 | | - |
35 | | - cmd_exec("echo #{rand_str}XXX#{rand_str} > #{file_path}") |
36 | | - Rex::sleep(0.3) |
37 | | - rcv = read_file(file_path) |
38 | | - |
39 | | - if rcv.include?("#{rand_str}XXX#{rand_str}") |
40 | | - res = true |
41 | | - end |
42 | | - |
43 | | - cmd_exec("rm -f #{file_path}") |
44 | | - Rex::sleep(0.3) |
45 | | - |
46 | | - res |
47 | | - end |
48 | | - |
49 | | - # Checks some directories that usually are writable in devices running busybox |
50 | | - # @return [String] If the function finds a writable directory, it returns the path. Else it returns nil |
51 | | - def busy_box_writable_dir |
52 | | - dirs = %w(/etc/ /mnt/ /var/ /var/tmp/) |
53 | | - |
54 | | - dirs.each do |d| |
55 | | - return d if busy_box_is_writable_dir?(d) |
56 | | - end |
57 | | - |
58 | | - nil |
59 | | - end |
60 | | - |
61 | | - |
62 | | - # Writes data to a file |
63 | | - # |
64 | | - # @param file_path [String] the file path to write on the target |
65 | | - # @param data [String] the content to be written |
66 | | - # @param prepend [Boolean] if true, prepend the data to the target file. Otherwise, overwrite |
67 | | - # the target file |
68 | | - # @return [Boolean] true if target file is writable and it was written. Otherwise, false. |
69 | | - # @note BusyBox commands are limited and Msf::Post::File#write_file doesn't work here, because |
70 | | - # of it is necessary to implement an specific method. |
71 | | - def busy_box_write_file(file_path, data, prepend = false) |
72 | | - if prepend |
73 | | - dir = busy_box_writable_dir |
74 | | - return false unless dir |
75 | | - cmd_exec("cp -f #{file_path} #{dir}tmp") |
76 | | - Rex::sleep(0.3) |
77 | | - end |
78 | | - |
79 | | - rand_str = Rex::Text.rand_text_alpha(16) |
80 | | - cmd_exec("echo #{rand_str} > #{file_path}") |
81 | | - Rex::sleep(0.3) |
82 | | - |
83 | | - unless read_file(file_path).include?(rand_str) |
84 | | - return false |
85 | | - end |
86 | | - |
87 | | - cmd_exec("echo \"\"> #{file_path}") |
88 | | - Rex::sleep(0.3) |
89 | | - |
90 | | - lines = data.lines.map(&:chomp) |
91 | | - lines.each do |line| |
92 | | - cmd_exec("echo #{line.chomp} >> #{file_path}") |
93 | | - Rex::sleep(0.3) |
94 | | - end |
95 | | - |
96 | | - if prepend |
97 | | - cmd_exec("cat #{dir}tmp >> #{file_path}") |
98 | | - Rex::sleep(0.3) |
99 | | - |
100 | | - cmd_exec("rm -f #{dir}tmp") |
101 | | - Rex::sleep(0.3) |
102 | | - end |
103 | | - |
104 | | - true |
105 | 117 | end |
106 | | -end # Busybox |
107 | | -end # Linux |
108 | | -end # Post |
109 | | -end # Msf |
| 118 | +end |
0 commit comments