New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Clean up linux/local/vmware_alsa_config exploit module #11137

Merged
merged 1 commit into from Dec 21, 2018

Conversation

Projects
None yet
3 participants
@bcoles
Copy link
Contributor

bcoles commented Dec 17, 2018

This PR cleans up the linux/local/vmware_alsa_config exploit.

  • Updates the module to be in line with recent code patterns for local Linux exploits
    • Post library methods: has_gcc?, chmod, etc
    • ForceExploit pattern
    • upload_and_compile pattern
  • Removes unnecessary cleanup method, in favor of register_[file|dir]_for_cleanup.
    • Bonus: class variables are no longer required and have been removed.
  • Removes unnecessary on_new_session code and requirement to execute /bin/sh on new session
  • Adds a Xdisplay option for users to specify DISPLAY
  • Ensures more reliable exploitation in the event that PATH or HOME are not set
  • Fixes a dumb bug caused by vmplayer expecting ~ to represent HOME when loading preferences
  • Updates documentation to match the aforemented changes

@busterb busterb self-assigned this Dec 21, 2018

@busterb

This comment has been minimized.

Copy link
Contributor

busterb commented Dec 21, 2018

LGTM, thanks.

@busterb busterb merged commit d973a58 into rapid7:master Dec 21, 2018

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

busterb added a commit that referenced this pull request Dec 21, 2018

@busterb

This comment has been minimized.

Copy link
Contributor

busterb commented Dec 21, 2018

Release Notes

This updates the vmware_alsa_config exploit module to use similar patterns and features from similar modules, as well as adds options for modifying the DISPLAY variable and improving exploit reliability.

msjenkins-r7 added a commit that referenced this pull request Dec 21, 2018

@bcoles bcoles deleted the bcoles:vmware_alsa_config branch Dec 22, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment