Add ForceExploit option

documentation/modules/exploit/solaris/local/libnspr_nspr_log_file_priv_esc.md

@@ -36,10 +36,6 @@
 
   Which session to use, which can be viewed with `sessions`
 
-  **WritableDir**
-
-  A writable directory file system path. (default: `/tmp`)
-
   **SUID_PATH**
 
   Path to suid executable (must be linked to a vulnerable version of `libnspr4.so`)

modules/exploits/solaris/local/libnspr_nspr_log_file_priv_esc.rb

@@ -75,7 +75,10 @@ class MetasploitModule < Msf::Exploit::Local
       # * /usr/bin/lpstat
       # * /usr/lib/lp/bin/netpr
       # * /usr/sbin/lpmove
-      OptString.new('SUID_PATH', [true, 'Path to suid executable (must be linked to a vulnerable version of libnspr4.so)', '/usr/bin/cancel']),
+      OptString.new('SUID_PATH', [true, 'Path to suid executable (must be linked to a vulnerable version of libnspr4.so)', '/usr/bin/cancel'])
+    ]
+    register_advanced_options [
+      OptBool.new('ForceExploit',  [false, 'Override check result', false]),
       OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp'])
     ]
   end
@@ -165,7 +168,10 @@ class MetasploitModule < Msf::Exploit::Local
     end
 
     unless [CheckCode::Detected, CheckCode::Appears].include? check
-      fail_with Failure::NotVulnerable, 'Target is not vulnerable'
+      unless datastore['ForceExploit']
+        fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'
+      end
+      print_warning 'Target does not appear to be vulnerable'
     end
 
     unless is_writable? datastore['WritableDir']