Persistence directory #19815
Persistence directory #19815
Conversation
|
I'm going to go ahead and mark this as ready for review, even though it's not. I'd like to get some eyes on the non-windows and LIB side of things. that way if there are changes, I can apply them globally instead of doing, redoing and reredoing the work. Docs are not ready, but again I only want to update them once. |
| update_info( | ||
| info, | ||
| 'DefaultOptions' => { | ||
| 'WfsDelay' => 90_000, # 25hrs |
There was a problem hiding this comment.
I think the directory structure makes a lot of sense. Assuming the contents of the files haven't changed too much we should be able to process this pretty quickly. I like the checklist you have going with the modules that make sense to consolidate and agree that'd be a good move but doing so in a dedicated PR would probably help make review easier and faster.
| }, | ||
| # https://github.com/rapid7/metasploit-framework/pull/19676#discussion_r1907594308 | ||
| 'Stance' => Msf::Exploit::Stance::Passive | ||
| # 'Passive' => true # XXX when set, ignores wfsdelay and immediately exists after last command |
There was a problem hiding this comment.
I think we'd want WfsDelay to be ignored so the module runs in the background indefinitely or until it's stopped.
There was a problem hiding this comment.
I agree with the above, just adding a little bit of extra context:
https://docs.metasploit.com/docs/development/developing-modules/guides/get-started-writing-an-exploit.html#non-required-fields
When setting 'Passive' => true the module will exit but you should be able to see the handler running as a job in the background withjobs -l.
There was a problem hiding this comment.
Its true and does, but not when the modules are moved to the persistence folder.
|
|
||
| register_advanced_options( | ||
| [ | ||
| OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp/']) |
There was a problem hiding this comment.
Since this isn't tied to a specific platform, what if we left the default value blank then determined it at runtime and set it to something sensible based on the target platform.
There was a problem hiding this comment.
That's fine, is there a way to set the value in the module /wo overwriting all the text? Something like
set_option('WritableDir', '/tmp/') or do I have to overwrite it like:
OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp/'])
|
Hello @h00die, I've investigated the functionality of the First of all, looks like the |
| logs = ::File.join(Msf::Config.log_directory, 'persistence', Rex::FileUtils.clean_path(host + filenameinfo)) | ||
| # Create the log directory | ||
| ::FileUtils.mkdir_p(logs) | ||
|
|
||
| # logfile name | ||
| clean_rc = logs + ::File::Separator + Rex::FileUtils.clean_path(host + filenameinfo) + '.rc' | ||
| file_local_write(clean_rc, @clean_up_rc) |
There was a problem hiding this comment.
This ends up making folders that feel repetitive, for instance:
/root/.msf4/logs/persistence/111.111.1.11_20250204.4245/111.111.1.11_20250204.4245.rc
Maybe instead we should include the module name?/root/.msf4/logs/persistence/111.111.1.11/apt_package_manager_20250204.4245.rc
feels a little better to me. I don't think we need the Time on both the folder and file, but you may run the same persistence multiple times on a host so that made me think putting it on the file instead of the folder may be better.
There was a problem hiding this comment.
Sounds good to add the module name on the rc file name, thinking how to do it from the mixin, but should be doable.
Fixes #19592 .
Move modules to a persistence directory
TO DO
Msf::Exploit::Localinclude Msf::Exploit::Local::Persistence, andprepend Msf::Exploit::Remote::AutoCheckcheckmethodNotesfield,DisclosureDatefieldWritableDirorderegisterit.moved_fromandDeprecatedmixin.install_persistenceand cleanup over rc-fileFuture Items
These will be converted to issues to do outside of this big change.
windows/registry_vbs.rb,windows/registry.rb, should be combined since they do nearly the same thing. one just drops a VBS script on system, the other writes it all into the registrywindows/persistence_exe.rbshould be divided up. It can write to the registry, which duplicates the above, it can write a service, which duplicateswindows/service.rb, and can make a task.sshkeyand windowssshkey, they should be combined and moved to multi.linux/service.rbfeels overly complex between the different service systems. I think breaking it into the following would be best:system_v_persistence.rb,upstart_persistence.rb,openrc_persistence.rb,systemd_persistence.rc.Maybe removing the code bits to be indatawould help as well, but may not be needed once its broken up?sshkeymodules should executessh_login_pubkey. While there's a mixin for CheckModule, we may want something likePayloadModuleor something similar to avoid rewriting code.Assistance
Would love assistance and suggestions on this! Mainly at this point figuring out why setting
Passivetotruein the lib makes the modules exit at the end of code and not keep running (even though theyre running as a job)