Pseudo-Shell Post-Exploitation Module

19 Jun 2018 10:39:41
Reported by: Alberto Rafael Rodriguez Iglesias
Type: metasploit
Source: www.rapid7.com

Pseudo-Shell Post-Exploitation Module for Linu

Code
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'readline'

class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Unix
  include Msf::Post::Linux::System
  include Msf::Post::Linux::Priv

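  # Dispatch table: [pseudo-shell command, method to call, takes an argument (1) or not (0), help text].
  # Only the commands listed here are dispatched by parse_cmd/prompt.
  HELP_COMMANDS = [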
    ['help', 'help', 0, 'Show current help'],
    ['?', 'help', 0, 'Show current help'],
    ['ls', 'dir', 1, 'List files and folders in a directory'],
    ['cat', 'read_file', 1, 'Show file contents'],
    ['whoami', 'whoami', 0, 'Show current user'],
    ['cd', 'cd', 1, 'Change current directory'],
    ['users', 'get_users', 0, 'Show list of users'],
    ['groups', 'get_groups', 0, 'Show list of groups'],
    ['pwd', 'pwd', 0, 'Show current PATH'],
    ['interfaces', 'interfaces', 0, 'Show list of network interfaces'],
    ['path', 'get_path', 0, 'Show current directories included in $PATH environment variable'],
    ['macs', 'macs', 0, 'Show list of MAC addresses'],
    ['shell', 'get_shell_name', 0, 'Show current SHELL'],
    ['hostname', 'get_hostname', 0, 'Show current Hostname'],
    ['ips', 'ips', 0, 'Show list of current IP addresses'],
    ['isroot?', 'is_root?', 0, 'Show if current user has root permissions'],
    ['exit', '', 0, 'Exit the Pseudo-shell'],
    ['tcp_ports', 'listen_tcp_ports', 0, 'Show list of listen TCP ports'],
    ['udp_ports', 'listen_udp_ports', 0, 'Show list of listen UDP ports'],
    ['clear', 'clear_screen', 0, 'Clear screen']
  ].sort

  # Command names offered for Readline tab completion (same order as HELP_COMMANDS).
  LIST = HELP_COMMANDS.map { |linea| linea[0] }

  def initialize
    super(
      'Name' => 'Pseudo-Shell Post-Exploitation Module',
      'Description' => %q{
        This module will run a Pseudo-Shell.
      },
      'Author' => 'Alberto Rafael Rodriguez Iglesias <albertocysec[at]gmail.com>',
      'License' => MSF_LICENSE,
      'Platform' => ['linux'],
      'SessionTypes' => ['shell', 'meterpreter']
    )
  end

  def run
    @vhostname = get_hostname
    @vusername = whoami
    @vpromptchar = is_root? ? '#' : '$'
    prompt
  end

  def parse_cmd(cmd)
    parts = cmd.split(' ')
    return '' unless parts.length >= 1

    cmd = parts[0]
    nargs = parts.length - 1
    HELP_COMMANDS.each do |linea|
      next unless linea[0] == cmd

      func = linea[1]
      if nargs >= 1
        if linea[2] == 1
          args = parts[1]
        else
          nargs = 0
        end
      else
        args = ''
      end

      return func, cmd, args, nargs
    end

    error = get_shell_name
    message = "#{error}: #{cmd}: Command does not exist\n"
    print message
    message
  end

  def help
    print "\n"
    print "Commands Help\n"
    print "==============\n"
    print "\n"
    printf("\t%-20s%-100s\n", 'Command', 'Description')
    printf("\t%-20s%-100s\n", '-------', '-----------')
    HELP_COMMANDS.each do |linea|
      printf("\t%-20s%-100s\n", linea[0], linea[3])
    end
    print "\n"
  end

  def prompt_show
    promptshell = "#{@vusername}@#{@vhostname}:#{pwd.strip}#{@vpromptchar} "
    comp = proc { |s| LIST.grep(/^#{Regexp.escape(s)}/) }
    Readline.completion_append_character = ' '
    Readline.completion_proc = comp
    input = Readline.readline(promptshell, true)
    return nil if input.nil?

    input
  end

  def prompt
    while (input = prompt_show)
      break if input == 'exit'
      break if input == 'exit '

      begin
        func, command, args, nargs = parse_cmd(input)
        nargs = nargs.to_i
        if command == 'ls' && (nargs == 0)
          nargs += 1
          ruta = pwd
          args = ruta
        end
        if nargs > 0
          args = args.strip
          resultado = public_send(func.to_s, args.to_s)
        elsif input == ''
          resultado = []
          resultado.insert(-1, '')
        else
          resultado = public_send(func.to_s)
        end
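        # Boolean results: the original test (!resultado.nil? == resultado) only matched true,
        # so a false result fell through to resultado.strip and was silently rescued.
        if [true, false].include?(resultado)
          if command == 'isroot?'
            print resultado ? "true\n" : "false\n"
          end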
        elsif resultado.instance_of?(Array)
          print resultado.join("\n")
          print "\n"
        elsif resultado.strip != ''
          print resultado.chomp + "\n"
        end
      rescue StandardError # begin
        next
      end
    end
  end
end
