better check for VMware vCenter vScalation Priv Esc

[h00die]

When running against a non-vmware vcenter system, (like with local_exploit_suggester the check method would try to stat a file which didn't exist. This caused the output to look like:

/usr/lib/vmware-vmon/java-wrapper-vmon not owned by 'cis' group (owned by 'stat: cannot stat 'usr/lib/vmware-vmon/java-wrapper-vmon': no such file or directory'), or not writable

We now check if the file exists and is writable before running stat.

Verification

• Start msfconsole
• get a sesssion on a non-vcenter box
• use vcenter_java_wrapper
• set session #
• check
• Verify the output look sane and not like above

[jheysel-r7]

Thanks for the improvement @h00die, seems quite logical and testing was just as expected:

Testing Before & After:

msf6 exploit(linux/local/vcenter_java_wrapper_vmon_priv_esc) > check
[*] The target is not exploitable. /usr/lib/vmware-vmon/java-wrapper-vmon not owned by 'cis' group (owned by 'stat: cannot statx '/usr/lib/vmware-vmon/java-wrapper-vmon': No such file or directory'), or not writable
msf6 exploit(linux/local/vcenter_java_wrapper_vmon_priv_esc) > reload
[*] Reloading module...
msf6 exploit(linux/local/vcenter_java_wrapper_vmon_priv_esc) > check
[*] The target is not exploitable. /usr/lib/vmware-vmon/java-wrapper-vmon not found on system

[jheysel-r7]

Release Notes

This PR adds an improvement to the check method of the vcenter_java_wrapper_vmon_priv_esc module. Before the module would attempt to see if a file was writable before checking if the file existed on the system. This caused the check method to return an error message along with a the check code. This PR fixes that issue.