7091d1c65b
Unfortunately, adds a dep on bionic for runtime compilation. Gets ring0, sets the (res)uid to 0 and jumps to the payload. Still some payload issues because linux stagers don't mprotect(2) the buffer they read(2) into. Single payloads work fine, though. Also cleans up and improves local exploits' ability to compile C. [SEERM #3038]
20 lines
270 B
Ruby
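module Msf
module Exploit::Local::Unix

  include Exploit::Local::CompileC

  # Feeds the bionic sys/socket.h header to the C parser so that C source
  # compiled at runtime can use its socket declarations.
  #
  # The header path is relative, so it resolves against the current working
  # directory. +metasm_exe+ is not referenced in the body, and +cparser+ is
  # not defined in this file: it has to be provided by whatever includes
  # this module.
  def unix_socket_h(metasm_exe)
    [
      "external/source/meterpreter/source/bionic/libc/include/sys/socket.h",
    ].each do |fname|
      cparser.parse(File.read(fname), fname)
    end

  end

end
end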