Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Persistence directory #19815

Open
wants to merge 84 commits into
base: master
Choose a base branch
from
+4,237 −2,060
Open

Persistence directory #19815

Show file tree
Hide file tree
Changes from 19 commits
Commits
Show all changes
84 commits
Select commit Hold shift + click to select a range
62b951d
move persistence files to their own folder
h00die Jan 17, 2025
b9539bb
rubocop persistence modules
h00die Jan 17, 2025
e3545f3
msftidy changes for persistence folder
h00die Jan 17, 2025
8138fe1
finish renaming persistence docs
h00die Jan 19, 2025
d56d7ab
move persistence under exploit
h00die Jan 19, 2025
9b7cc8f
modernization, updates, testing of apt_package_manager
h00die Jan 20, 2025
1fbd81d
modernization, updates, testing of autostart
h00die Jan 20, 2025
1877601
modernization, updates, testing of bash_profile
h00die Jan 20, 2025
43244ca
create persistence lib to standardize options
h00die Jan 20, 2025
5039513
modernization, updates, testing of cron
h00die Jan 20, 2025
9de657e
modernization, updates, testing of persistence modules
h00die Jan 20, 2025
d57237e
modernization, updates, testing of motd
h00die Jan 20, 2025
a2179ab
modernization, updates, testing of rc.local
h00die Jan 20, 2025
15cfde7
modernization, updates, testing of linux service
h00die Jan 20, 2025
c035123
modernization, updates, testing of linux yum module
h00die Jan 20, 2025
d65f2d4
further adjustments for persistence
h00die Jan 20, 2025
7cfc28a
modernization, updates, testing of obsidian module
h00die Jan 20, 2025
e76aa56
modernization, updates, testing of launch_plist module
h00die Jan 20, 2025
a1a8c26
add link with lib
h00die Jan 20, 2025
770930d
storing unfinished modules
h00die Jan 20, 2025
20cdc45
wmi persistence module
h00die Jan 28, 2025
1d19dc2
vss persistence
h00die Jan 28, 2025
faad050
sticky keys update
h00die Jan 29, 2025
3607d5b
sticky keys update
h00die Jan 29, 2025
ca16ee2
sticky keys update
h00die Jan 29, 2025
cda0881
windows ssh keys update
h00die Jan 29, 2025
74acdf2
feat: persistence mixin draft
dledda-r7 Jan 29, 2025
7542fa1
feat: draft bash_profile using persistence mixin
dledda-r7 Jan 29, 2025
772ac96
windows persistence service conversion
h00die Jan 29, 2025
6b45fb3
feat: persistence mixin and bash_profile persistence
dledda-r7 Jan 30, 2025
7b45372
system_v persistence pulled out from service module
h00die Jan 30, 2025
4af21a6
Merge remote-tracking branch 'origin/persistence_dir' into persistenc…
h00die Jan 30, 2025
5a5e813
linux service persistence module split apart
h00die Jan 31, 2025
186b74c
feat: persistence mixin cleanup via rc-file
dledda-r7 Jan 31, 2025
782bd3b
feat: bash_profile persistence cleanup rc-file
dledda-r7 Jan 31, 2025
57dd846
feat: apt_package_manager persistence cleanup rc-file
dledda-r7 Jan 31, 2025
e154902
feat: autostart persistence cleanup rc-file
dledda-r7 Jan 31, 2025
490e810
rename linux persistence services to inits
h00die Jan 31, 2025
1da8e44
unix at persistence
h00die Jan 31, 2025
e62acab
s4u persistence module
h00die Jan 31, 2025
3bbf381
windows registry persistence module
h00die Jan 31, 2025
868775e
windows ps_persist
h00die Jan 31, 2025
6e29418
process_exit_debugger udpates
h00die Jan 31, 2025
a17e152
persistence consistencies
h00die Jan 31, 2025
5188b20
windows persistence moved to registry_vbs
h00die Feb 1, 2025
2228190
windows persistence moved to registry_vbs
h00die Feb 1, 2025
c159660
windows persistence small fixes
h00die Feb 1, 2025
5dee099
windows persistence_exe updates
h00die Feb 1, 2025
3a079b1
windows persistence_exe updates
h00die Feb 1, 2025
5c090d8
rubocop fixes
h00die Feb 1, 2025
e8fafed
fix notes metadata for unix at persistence
h00die Feb 1, 2025
c36f98a
create persistence suggester
h00die Feb 2, 2025
7058546
create persistence suggester
h00die Feb 2, 2025
fb8e740
fixes for persistence checks
h00die Feb 2, 2025
7d47bee
fix: add cleanup function persistence mixin
dledda-r7 Feb 3, 2025
4519ee9
fix: removed cleanup_persistence function in bash_profile
dledda-r7 Feb 3, 2025
5deede9
fix: cron persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
1a74cb4
fix: init_openrc persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
8c336f8
fix: init_systemd persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
68a1008
fix: init_sysvinit persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
c06e2ab
fix: motd and init_upstart persistence with new mixin and cleanup rc …
dledda-r7 Feb 4, 2025
b41aa6b
fix: rc_local persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
d7b55e7
fix: sshkey persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
b9141fc
fix: fix missing newline cleanup on init_systemd
dledda-r7 Feb 4, 2025
9ceb60d
fix: yum_package_manager persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
0762a13
fix: obsidian persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
c07e28f
fix: launch_plist persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
7db3160
fix: at persistence with new mixin and cleanup rc file
dledda-r7 Feb 4, 2025
0ea714e
Merge remote-tracking branch 'origin/persistence_dir' into persistenc…
h00die Feb 4, 2025
6589d78
working on autostart
h00die Feb 5, 2025
78c7a96
working on autostart
h00die Feb 6, 2025
a935ce0
at(1) working
h00die Feb 6, 2025
d902ba8
autostart finished
h00die Feb 6, 2025
e2fd131
bash_profile finished
h00die Feb 7, 2025
364d1a5
fix: s4u persistence with new mixin and cleanup rc file
dledda-r7 Feb 6, 2025
a3dcbf6
fix: process_exit_debugger persistence with new mixin and cleanup rc …
dledda-r7 Feb 6, 2025
37cd4c1
x: s4u persistence check method and cleanup fix
dledda-r7 Feb 7, 2025
fe6da60
fix: registry persistence with new mixin and cleanup rc file
dledda-r7 Feb 7, 2025
4fdd4ac
fix: vss persistence with new mixin and cleanup rc file
dledda-r7 Feb 7, 2025
0ecac47
fix: registry_vbs persistence with new mixin and cleanup rc file
dledda-r7 Feb 7, 2025
ce1835b
fix: persistence_exe persistence with new mixin and cleanup rc file
dledda-r7 Feb 7, 2025
f6159e2
fix: ps_persist persistence with new mixin and cleanup rc file
dledda-r7 Feb 7, 2025
a190de4
fix: service persistence with new mixin and cleanup rc file
dledda-r7 Feb 7, 2025
fa71e06
fix: persistence_exe install_persistence instead of run
dledda-r7 Feb 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
0 .../local/apt_package_manager_persistence.md → .../persistence/linux/apt_package_manager.md
View file
Open in desktop
File renamed without changes.
0 ...loit/linux/local/autostart_persistence.md → ...loit/linux/persistence/linux/autostart.md
View file
Open in desktop
File renamed without changes.
0 ...t/linux/local/bash_profile_persistence.md → ...t/linux/persistence/linux/bash_profile.md
View file
Open in desktop
File renamed without changes.
0 ...s/exploit/linux/local/cron_persistence.md → ...s/exploit/linux/persistence/linux/cron.md
View file
Open in desktop
File renamed without changes.
0 ...s/exploit/linux/local/motd_persistence.md → ...s/exploit/linux/persistence/linux/motd.md
View file
Open in desktop
File renamed without changes.
0 ...ploit/linux/local/rc_local_persistence.md → ...ploit/linux/persistence/linux/rc_local.md
View file
Open in desktop
File renamed without changes.
0 ...s/post/linux/manage/sshkey_persistence.md → ...exploit/linux/persistence/linux/sshkey.md
View file
Open in desktop
File renamed without changes.
0 .../local/yum_package_manager_persistence.md → .../persistence/linux/yum_package_manager.md
View file
Open in desktop
File renamed without changes.
0 ...ulti/local/obsidian_plugin_persistence.md → ...ulti/persistence/multi/obsidian_plugin.md
View file
Open in desktop
File renamed without changes.
0 ...ules/exploit/unix/local/at_persistence.md → ...dules/exploit/unix/persistence/unix/at.md
View file
Open in desktop
File renamed without changes.
0 ...loit/windows/local/persistence_service.md → ...ersistence/windows/persistence_service.md
View file
Open in desktop
File renamed without changes.
0 ...s/local/persistence_image_exec_options.md → ...sistence/windows/process_exit_debugger.md
View file
Open in desktop
File renamed without changes.
0 ...dules/exploit/windows/local/ps_persist.md → ...windows/persistence/windows/ps_persist.md
View file
Open in desktop
File renamed without changes.
0 ...post/windows/manage/sshkey_persistence.md → ...oit/windows/persistence/windows/sshkey.md
View file
Open in desktop
File renamed without changes.
26 changes: 26 additions & 0 deletions lib/msf/core/exploit/local/persistence.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# -*- coding: binary -*-

module Msf
module Exploit::Local::Persistence
def initialize(info = {})
super(
update_info(
info,
'DefaultOptions' => {
'WfsDelay' => 90_000, # 25hrs
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#19821 (comment)

'AllowNoCleanup' => true # don't delete our persistence after we get a shell
},
# https://github.com/rapid7/metasploit-framework/pull/19676#discussion_r1907594308
'Stance' => Msf::Exploit::Stance::Passive
# 'Passive' => true # XXX when set, ignores wfsdelay and immediately exists after last command
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we'd want WfsDelay to be ignored so the module runs in the background indefinitely or until it's stopped.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with the above, just adding a little bit of extra context:
https://docs.metasploit.com/docs/development/developing-modules/guides/get-started-writing-an-exploit.html#non-required-fields

When setting 'Passive' => true the module will exit but you should be able to see the handler running as a job in the background withjobs -l.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Its true and does, but not when the modules are moved to the persistence folder.

)
)

register_advanced_options(
[
OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp/'])
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since this isn't tied to a specific platform, what if we left the default value blank then determined it at runtime and set it to something sensible based on the target platform.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fine, is there a way to set the value in the module /wo overwriting all the text? Something like
set_option('WritableDir', '/tmp/') or do I have to overwrite it like:
OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp/'])

]
)
end
end
end
94 changes: 0 additions & 94 deletions modules/exploits/linux/local/apt_package_manager_persistence.rb
View file
Open in desktop

This file was deleted.

62 changes: 0 additions & 62 deletions modules/exploits/linux/local/autostart_persistence.rb
View file
Open in desktop

This file was deleted.

122 changes: 0 additions & 122 deletions modules/exploits/linux/local/bash_profile_persistence.rb
View file
Open in desktop

This file was deleted.

Loading
Loading