Module: Msf::Post::Unix

Included in:
Linux::Compile, Linux::System, Solaris::System
Defined in:
lib/msf/core/post/unix.rb

Instance Method Summary collapse

Instance Method Details

#enum_user_directoriesObject

Enumerates the user directories in /Users or /home



77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# File 'lib/msf/core/post/unix.rb', line 77

def enum_user_directories
  user_dirs = []

  # get all user directories from /etc/passwd
  passwd = '/etc/passwd'
  if file_exist?(passwd)
    read_file(passwd).each_line do |passwd_line|
      user_dirs << passwd_line.split(/:/)[5]
    end
  end

  # also list other common places for home directories in the event that
  # the users aren't in /etc/passwd (LDAP, for example)
  case session.platform
  when 'osx'
    user_dirs << cmd_exec('ls /Users').each_line.map { |l| "/Users/#{l}" }
  else
    user_dirs << cmd_exec('ls /home').each_line.map { |l| "/home/#{l}" }
  end

  user_dirs.flatten!
  user_dirs.compact!
  user_dirs.sort!
  user_dirs.uniq!
  user_dirs
end

#get_groupsObject

Returns an array of hashes each hash representing a user group Keys are name, gid and users



57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
# File 'lib/msf/core/post/unix.rb', line 57

def get_groups
  groups = []
  group = '/etc/group'
  if file_exist?(group)
    cmd_out = read_file(group).split("\n")
    cmd_out.each do |l|
      entry = {}
      user_field = l.split(":")
      entry[:name] = user_field[0]
      entry[:gid] = user_field[2]
      entry[:users] = user_field[3]
      groups << entry
    end
  end
  return groups
end

#get_session_pidString

Gets the pid of the current session

Returns:

  • (String)


17
18
19
# File 'lib/msf/core/post/unix.rb', line 17

def get_session_pid
  cmd_exec("echo $PPID").to_s
end

#get_usersObject

Returns an array of hashes each representing a user Keys are name, uid, gid, info, dir and shell



25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# File 'lib/msf/core/post/unix.rb', line 25

def get_users
  users = []
  etc_passwd = nil
  [
    "/etc/passwd",
    "/etc/security/passwd",
    "/etc/master.passwd",
  ].each { |f|
    if file_exist?(f)
      etc_passwd = f
      break
    end
  }
  cmd_out = read_file(etc_passwd).split("\n")
  cmd_out.each do |l|
    entry = {}
    user_field = l.split(":")
    entry[:name] = user_field[0]
    entry[:uid] = user_field[2]
    entry[:gid] = user_field[3]
    entry[:info] = user_field[4]
    entry[:dir] = user_field[5]
    entry[:shell] = user_field[6]
    users << entry
  end
  return users
end

#is_root?Boolean

Returns true if session is running as uid=0.

Returns:

  • (Boolean)

    true if session is running as uid=0



9
10
11
# File 'lib/msf/core/post/unix.rb', line 9

def is_root?
  (cmd_exec('id -u').to_s.gsub(/[^\d]/, '') == '0')
end

#whoamiString

It returns the username of the current user

Returns:

  • (String)

    with username



108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# File 'lib/msf/core/post/unix.rb', line 108

def whoami
  shellpid = get_session_pid()
  status = read_file("/proc/#{shellpid}/status")
  status.each_line do |line|
    split = line.split(":")
    if split[0] == "Uid"
      regex = /.*\s(.*)\s/
      useridtmp = split[1]
      userid = useridtmp[regex, 1]
      uid = userid.to_s
      passwd = read_file("/etc/passwd")
      passwd.each_line do |line|
        parts = line.split(":")
        uid_passwd = parts[2].to_s
        user = parts[0].to_s
        if uid_passwd == uid
          return user
        end
      end
    end
  end
end