diff --git a/modules/exploits/linux/local/af_packet_chocobo_root_priv_esc.rb b/modules/exploits/linux/local/af_packet_chocobo_root_priv_esc.rb index 84c600ab59..cd7db1d26d 100644 --- a/modules/exploits/linux/local/af_packet_chocobo_root_priv_esc.rb +++ b/modules/exploits/linux/local/af_packet_chocobo_root_priv_esc.rb @@ -73,6 +73,7 @@ class MetasploitModule < Msf::Exploit::Local OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w(Auto True False) ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -168,12 +169,17 @@ class MetasploitModule < Msf::Exploit::Local end def exploit - if check != CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + unless check == CheckCode::Appears + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir diff --git a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb index 9381543e08..51a73a63e1 100644 --- a/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb +++ b/modules/exploits/linux/local/af_packet_packet_set_ring_priv_esc.rb @@ -71,6 +71,7 @@ class MetasploitModule < Msf::Exploit::Local OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w(Auto True False) ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -164,12 +165,17 @@ class MetasploitModule < Msf::Exploit::Local end def exploit - if check != CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + unless check == CheckCode::Appears + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir diff --git a/modules/exploits/linux/local/bpf_sign_extension_priv_esc.rb b/modules/exploits/linux/local/bpf_sign_extension_priv_esc.rb index e4ebb086bc..471de99413 100644 --- a/modules/exploits/linux/local/bpf_sign_extension_priv_esc.rb +++ b/modules/exploits/linux/local/bpf_sign_extension_priv_esc.rb @@ -93,6 +93,7 @@ class MetasploitModule < Msf::Exploit::Local OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w[Auto True False] ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -178,11 +179,16 @@ class MetasploitModule < Msf::Exploit::Local def exploit unless check == CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!' + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir diff --git a/modules/exploits/linux/local/glibc_realpath_priv_esc.rb b/modules/exploits/linux/local/glibc_realpath_priv_esc.rb index 075185bb43..fa00f24d5b 100644 --- a/modules/exploits/linux/local/glibc_realpath_priv_esc.rb +++ b/modules/exploits/linux/local/glibc_realpath_priv_esc.rb @@ -64,6 +64,7 @@ class MetasploitModule < Msf::Exploit::Local OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w(Auto True False) ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -161,12 +162,21 @@ class MetasploitModule < Msf::Exploit::Local end def exploit - if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless check == CheckCode::Appears + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end - if check != CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + if is_root? + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end + end + + unless writable? base_dir + fail_with Failure::BadConfig, "#{base_dir} is not writable" end unless writable? base_dir diff --git a/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb b/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb index 25678f0ab8..ab27ae1114 100644 --- a/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb +++ b/modules/exploits/linux/local/lastore_daemon_dbus_priv_esc.rb @@ -45,6 +45,7 @@ class MetasploitModule < Msf::Exploit::Local 'Targets' => [[ 'Auto', {} ]], 'DefaultTarget' => 0)) register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -119,12 +120,17 @@ class MetasploitModule < Msf::Exploit::Local end def exploit - if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless check == CheckCode::Appears + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end - if check != CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + if is_root? + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end print_status 'Building package...' diff --git a/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb b/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb index b4670a21fb..1398f4a402 100644 --- a/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb +++ b/modules/exploits/linux/local/libuser_roothelper_priv_esc.rb @@ -78,6 +78,7 @@ class MetasploitModule < Msf::Exploit::Local OptString.new('PASSWORD', [ true, 'Password for the current user', '' ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -158,11 +159,16 @@ class MetasploitModule < Msf::Exploit::Local def exploit if check == CheckCode::Safe - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir diff --git a/modules/exploits/linux/local/network_manager_vpnc_username_priv_esc.rb b/modules/exploits/linux/local/network_manager_vpnc_username_priv_esc.rb index 5992f7f7b9..c39856a003 100644 --- a/modules/exploits/linux/local/network_manager_vpnc_username_priv_esc.rb +++ b/modules/exploits/linux/local/network_manager_vpnc_username_priv_esc.rb @@ -64,6 +64,7 @@ class MetasploitModule < Msf::Exploit::Local }, 'DefaultTarget' => 0)) register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp']) ] end @@ -95,12 +96,17 @@ class MetasploitModule < Msf::Exploit::Local end def exploit - if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless check == CheckCode::Detected + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end - if check != CheckCode::Detected - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + if is_root? + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end @payload_name = ".#{rand_text_alphanumeric rand(10..15)}" diff --git a/modules/exploits/linux/local/rds_priv_esc.rb b/modules/exploits/linux/local/rds_priv_esc.rb index 045117850a..24d2475c75 100644 --- a/modules/exploits/linux/local/rds_priv_esc.rb +++ b/modules/exploits/linux/local/rds_priv_esc.rb @@ -64,6 +64,7 @@ class MetasploitModule < Msf::Exploit::Local OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w(Auto True False) ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -151,11 +152,16 @@ class MetasploitModule < Msf::Exploit::Local def exploit unless check == CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir diff --git a/modules/exploits/linux/local/recvmmsg_priv_esc.rb b/modules/exploits/linux/local/recvmmsg_priv_esc.rb index 9139bd3ef9..926a42976f 100644 --- a/modules/exploits/linux/local/recvmmsg_priv_esc.rb +++ b/modules/exploits/linux/local/recvmmsg_priv_esc.rb @@ -54,6 +54,7 @@ class MetasploitModule < Msf::Exploit::Local OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w(Auto True False) ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files (must not be mounted noexec)', '/tmp' ]) ] end @@ -132,7 +133,7 @@ class MetasploitModule < Msf::Exploit::Local release = kernel_release unless release =~ /^3\.11\.0-(12|15)-generic/ || release.eql?('3.8.0-19-generic') - print_error "Kernel #{release} #{version} is not exploitable" + vprint_error "Kernel #{release} #{version} is not exploitable" return CheckCode::Safe end vprint_good "Kernel #{release} #{version} is exploitable" @@ -141,12 +142,17 @@ class MetasploitModule < Msf::Exploit::Local end def exploit - if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless check == CheckCode::Appears + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end - if check != CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!' + if is_root? + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir diff --git a/modules/exploits/linux/local/sock_sendpage.rb b/modules/exploits/linux/local/sock_sendpage.rb index 86e7ff1633..3dec21e72d 100644 --- a/modules/exploits/linux/local/sock_sendpage.rb +++ b/modules/exploits/linux/local/sock_sendpage.rb @@ -69,6 +69,7 @@ class MetasploitModule < Msf::Exploit::Local OptBool.new('DEBUG_EXPLOIT', [ true, "Make the exploit executable be verbose about what it's doing", false ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files (must not be mounted noexec)', '/tmp' ]) ] end @@ -133,11 +134,16 @@ class MetasploitModule < Msf::Exploit::Local def exploit if check == CheckCode::Safe - fail_with Failure::NotVulnerable, 'Target is not vulnerable' + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir diff --git a/modules/exploits/linux/local/ufo_privilege_escalation.rb b/modules/exploits/linux/local/ufo_privilege_escalation.rb index f996eebe86..db2eb5e0ee 100644 --- a/modules/exploits/linux/local/ufo_privilege_escalation.rb +++ b/modules/exploits/linux/local/ufo_privilege_escalation.rb @@ -70,6 +70,7 @@ class MetasploitModule < Msf::Exploit::Local OptEnum.new('COMPILE', [ true, 'Compile on target', 'Auto', %w[Auto True False] ]) ] register_advanced_options [ + OptBool.new('ForceExploit', [ false, 'Override check result', false ]), OptString.new('WritableDir', [ true, 'A directory where we can write files', '/tmp' ]) ] end @@ -162,11 +163,16 @@ class MetasploitModule < Msf::Exploit::Local def exploit unless check == CheckCode::Appears - fail_with Failure::NotVulnerable, 'Target not vulnerable! punt!' + unless datastore['ForceExploit'] + fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.' + end + print_warning 'Target does not appear to be vulnerable' end if is_root? - fail_with Failure::BadConfig, 'Session already has root privileges' + unless datastore['ForceExploit'] + fail_with Failure::BadConfig, 'Session already has root privileges. Set ForceExploit to override.' + end end unless writable? base_dir