Always try both export and setenv. Fixups to allow for correct reading from echoy nix shells. Fixes is_root? to not treat an empty string as 0

lib/msf/core/auxiliary/login.rb

@@ -130,7 +130,7 @@ module Auxiliary::Login
 	end
 
 	def password_prompt?
-		return true if @recvd =~ @password_regex
+		return true if(@recvd =~ @password_regex or @recvd =~ /#{datastore['USERNAME']}'s/)
 		return false
 	end
 

lib/msf/core/post/linux/priv.rb

@@ -6,19 +6,21 @@ module Linux
 module Priv
 	include ::Msf::Post::Common
 
-		# Returns true if running as root, false if not.
+	# Returns true if running as root, false if not.
-		def is_root?
+	def is_root?
-			root_priv = false
+		root_priv = false
-			user_id = cmd_exec("id -u")
+		user_id = cmd_exec("id -u")
-			if user_id.to_i == 0
+		if user_id and !user_id.empty?
+			if user_id.strip.lstrip.to_i == 0
 				root_priv = true
-			elsif user_id =~ /^\d*$/
+			elsif user_id.to_s =~ /^\d*$/
 				root_priv = false
-			else
-				raise "Could not determine UID: #{user_id}"
 			end
-			return root_priv
+		else
+			raise "Could not determine UID: #{user_id}"
 		end
+		return root_priv
+	end
 
 end # Priv
 end # Linux

lib/msf/core/session/provider/single_command_shell.rb

@@ -91,12 +91,27 @@ module SingleCommandShell
 	def shell_command_token_unix(cmd, timeout=10)
 		# read any pending data
 		buf = shell_read(-1, 0.01)
+		set_shell_token_index(timeout)
 		token = ::Rex::Text.rand_text_alpha(32)
 
 		# Send the command to the session's stdin.
-		# NOTE: if the session echoes input we don't need to echo the token twice.
 		shell_write(cmd + ";echo #{token}\n")
-		shell_read_until_token(token, 0, timeout)
+		shell_read_until_token(token, @shell_token_index, timeout)
+	end
+
+	# NOTE: if the session echoes input we don't need to echo the token twice.
+	def set_shell_token_index(timeout)
+		return @shell_token_index if @shell_token_index
+		token = ::Rex::Text.rand_text_alpha(32)
+		numeric_token = rand(0xffffffff) + 1
+		cmd = "echo #{numeric_token}"
+		shell_write(cmd + ";echo #{token}\n")
+		res = shell_read_until_token(token, 0, timeout)
+		if res.to_i == numeric_token
+			@shell_token_index = 0
+		else
+			@shell_token_index = 1
+		end
 	end
 
 	#

modules/post/linux/manage/sudo.rb

@@ -48,6 +48,7 @@ class Metasploit3 < Msf::Post
 	def run
 		print_status("SUDO: Attempting to upgrade to UID 0 via sudo")
 		sudo_bin = cmd_exec("which sudo")
+		my_id = cmd_exec("id -u")
 		if is_root?
 			print_status "Already root, so no need to upgrade permissions. Aborting."
 			return
@@ -98,10 +99,9 @@ class Metasploit3 < Msf::Post
 					cmd_exec("echo echo #{password} >> #{askpass_sh}")
 					cmd_exec("chmod +x #{askpass_sh}")
 					vprint_status "Setting environment variable."
-					# Bruteforce-set the environment variable? is cmd_exec() always
+					# Bruteforce-set the environment variable with both setenv and export.
-					# going to be in the context of /bin/sh ?
 					askpass_env = cmd_exec("setenv SUDO_ASKPASS #{askpass_sh}") 
-					cmd_exec("export SUDO_ASKPASS=#{askpass_sh}") if askpass_env.to_s.empty?
+					cmd_exec("export SUDO_ASKPASS=#{askpass_sh}")
 					vprint_status "Executing sudo -s -A"
 					cmd_exec("sudo -s -A")
 					vprint_status "Deleting the askpass script."