Add source meta command for shell session #10509

Merged
merged 5 commits into from
Nov 26, 2018
42 changes: 41 additions & 1 deletion lib/msf/base/sessions/command_shell.rb
Expand Up @@ -86,10 +86,11 @@ def commands
'help' => 'Help menu',
'background' => 'Backgrounds the current shell session',
'sessions' => 'Quickly switch to another session',
'resource' => 'Run the commands stored in a file',
'resource' => 'Run a meta commands script stored in a local file',
'shell' => 'Spawn an interactive shell (*NIX Only)',
'download' => 'Download files (*NIX Only)',
'upload' => 'Upload files (*NIX Only)',
'source' => 'Run a shell script on remote machine (*NIX Only)',
}
end
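Review bot: The new `'source'` help string does not say that the script is a local file that is uploaded before it runs, so next to the reworded `'resource'` entry ("stored in a local file") it reads as if `source` executes a script that already exists on the target. Something like "Upload a local shell script and run it on the remote machine (*NIX Only)" would match what `cmd_source` does, and "meta commands script" in the `'resource'` line would read better as "meta-command script".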

Expand Down Expand Up @@ -192,7 +193,9 @@ def cmd_resource(*args)
end
end
if good_res
print_status("Executing resource script #{good_res}")
load_resource(good_res)
print_status("Resource script #{good_res} complete")
else
print_error("#{res} is not a valid resource file")
next
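Review bot: `print_status("Resource script #{good_res} complete")` is printed unconditionally after `load_resource(good_res)`, so the operator sees "complete" whether or not the commands in the script succeeded; nothing in the visible lines checks a result or rescues an error. If `load_resource` gives no success indication, neutral wording such as "finished" is safer; otherwise print the message only on success.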
Expand Down Expand Up @@ -423,6 +426,43 @@ def repr(data)
return data_repr
end

def cmd_source_help
print_line("Usage: source [file] [background]")
print_line
print_line("Execute a local shell script file on remote machine")
print_line("This meta command will upload the script then execute it on the remote machine")
print_line
print_line("background")
print_line("`y` represent execute the script in background, `n` represent on foreground")
end

def cmd_source(*args)
if args.length != 2
# no argumnets, just print help message
return cmd_source_help
end

background = args[1].downcase == 'y'

local_file = args[0]
remote_file = "/tmp/." + ::Rex::Text.rand_text_alpha(32) + ".sh"
Contributor

You might want to protect the permissions of this file.

Contributor Author

Sorry, I didn't understand what you mean. The file created here is for temporary use and after use, it will be deleted. I don't understand why I need to protect the permissions of this file.

Contributor

@WangYihang: TOCTOU concerns about whether you're executing what you intended, or what someone with access to your system (or the path where this file is created on a remotely mounted FS) while you're working is intending (at time of use, of course).

Contributor

A good start is 0600 for a script executed directly by the shell.

Contributor Author

Okay, I will update the code.
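
The reviewers' point about the file's mode at creation time, as an added Ruby example that is not part of this pull request or of the project's code: it compares write-then-chmod with creating the file 0600 in one step using `O_EXCL`. The helper names, the 0002 umask and the local scratch directory are assumptions; the PR itself creates the file on the remote host through shell commands.

```ruby
require 'tmpdir'
require 'securerandom'

# Pattern from the diff: write the file, then tighten its mode.
# Returns the mode the file had between creation and chmod.
def create_then_chmod(path, body)
  File.write(path, body)                  # created as 0666 & ~umask
  exposed = File.stat(path).mode & 0o777  # what other local users get until chmod runs
  File.chmod(0o600, path)
  exposed
end

# Hardened form: the file is created 0600 in one step, and O_EXCL makes
# creation fail if the name already exists, including as a planted symlink.
def create_private(path, body)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0o600) { |f| f.write(body) }
  File.stat(path).mode & 0o777
end

# Runs both forms in a scratch directory (constructed sample data).
def demo
  old_umask = File.umask(0o002) # assumed umask, fixed so the result is stable
  Dir.mktmpdir do |dir|
    script = "echo constructed sample script\n"
    a = File.join(dir, ".#{SecureRandom.hex(16)}.sh")
    b = File.join(dir, ".#{SecureRandom.hex(16)}.sh")
    exposed = create_then_chmod(a, script)
    private_mode = create_private(b, script)
    planted = File.join(dir, 'planted.sh')
    File.symlink(a, planted) # stands in for a name someone else created first
    refused = begin
      create_private(planted, script)
      false
    rescue Errno::EEXIST
      true
    end
    { exposed: exposed, after_chmod: File.stat(a).mode & 0o777,
      private_mode: private_mode, refused: refused }
  end
ensure
  File.umask(old_umask) if old_umask
end

p demo if __FILE__ == $PROGRAM_NAME
```

With the assumed umask the first form leaves the script group-writable (0664) until the chmod lands, while the second is never anything but 0600.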


cmd_upload(local_file, remote_file)

# Change file permission in case of TOCTOU
shell_command("chmod 0600 #{remote_file}")

if background
print_status("Executing on remote machine background")
print_line(shell_command("nohup sh -x #{remote_file} &"))
else
print_status("Executing on remote machine foreground")
print_line(shell_command("sh -x #{remote_file}"))
end
print_status("Cleaning temp file on remote machine")
shell_command("rm -rf #{remote_file}")
end

#
# Explicitly runs a single line command.
#
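Review bot: The `chmod 0600` issued after `cmd_upload(local_file, remote_file)` does not close the window raised in the review thread: between the upload and the chmod the script sits in `/tmp` with whatever mode the upload gave it, and nothing checks that the upload or the chmod succeeded before `sh -x #{remote_file}` runs. Set a restrictive umask (or create the file 0600) before the content is written, and return early if the upload fails. In the background branch, `rm -rf #{remote_file}` follows `nohup sh -x #{remote_file} &` immediately, so the file can be removed before the backgrounded `sh` has opened it; let the backgrounded command remove the file when it exits, and `rm -f` is enough for a single file. Separately, `args.length != 2` makes `background` mandatory while the usage line `source [file] [background]` presents it as optional.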