modules: Check datastore ForceExploit before checking if session is root #17581
Currently, many local exploit modules check if the user has root permissions before proceeding, unless the operator has enabled `ForceExploit`.

This is good; however, due to the order of conditions, when the operator has selected `ForceExploit` the module will still check first if the user has root permissions.

This is unnecessary. There is no reason to check for root permissions when `ForceExploit` is set. Additionally, as the `is_root?` check requires execution of multiple commands on the remote host, this check is significantly more expensive than a simple Boolean comparison with a local datastore option.

Worse, in instances where the module cannot determine whether the user has root permissions (ie, if `id` is not in `PATH` or returns unexpected output), the module will `raise` on Linux systems. An operator who wished to avoid this failure condition by forcing exploitation would not care if the root check failed - in fact, they may have enabled `ForceExploit` as a workaround specifically because the root check failed.

This PR modifies the conditions in 45 modules to check whether the operator has selected `ForceExploit` before checking permissions, which is slightly more efficient.
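
The effect of the condition order described above, as an added example that is not code from this PR or from Metasploit: `StubModule`, `blocked_old_order?`, `blocked_new_order?` and `evaluate` are hypothetical names, the "before" expression is an assumed form of the old condition, and the `id` output values are constructed.

```ruby
# Stand-in for a module with a datastore and a remote root check
# (constructed for illustration; not Metasploit's own classes).
class StubModule
  attr_reader :datastore, :root_checks

  def initialize(force_exploit:, id_output:)
    @datastore = { 'ForceExploit' => force_exploit }
    @id_output = id_output # constructed: what the remote `id` lookup returned
    @root_checks = 0       # how many times the remote check was run
  end

  # Models the expensive remote check: counts calls and raises when the
  # output is unusable, e.g. `id` is not in PATH and nothing comes back.
  def is_root?
    @root_checks += 1
    raise 'Could not determine UID' unless @id_output =~ /\A\d+\z/
    @id_output == '0'
  end

  # Assumed "before" ordering: the root check always runs first.
  def blocked_old_order?
    is_root? && !datastore['ForceExploit']
  end

  # "After" ordering: ForceExploit short-circuits, so is_root? never runs.
  def blocked_new_order?
    !datastore['ForceExploit'] && is_root?
  end
end

# Returns [result_or_error_text, number_of_remote_root_checks].
def evaluate(order, force_exploit:, id_output:)
  mod = StubModule.new(force_exploit: force_exploit, id_output: id_output)
  result = begin
    mod.public_send(order)
  rescue RuntimeError => e
    "raised: #{e.message}"
  end
  [result, mod.root_checks]
end
```

With `ForceExploit` unset, both orderings run the root check once and return the same result, so the reordering changes behaviour only when the operator has set `ForceExploit`.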