Skip to content

Rvn0xsy/CVE-2021-3156-plus

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
images
images
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
exploit.c
exploit.c
 
 
shellcode.c
shellcode.c
 
 

Repository files navigation

CVE-2021-3156

2021-02-10-02-18-07

This is a warehouse modification based on @CptGibbon and supports arbitrary command execution.

相关阅读:CVE-2021-3156 - Exploit修改

Root shell PoC for CVE-2021-3156 (no bruteforce)

For educational purposes etc.

Tested on :

  • @CptGibbon Ubuntu 20.04 against sudo 1.8.31
  • @Rvn0xsy Ubuntu 17.10

All research credit: Qualys Research Team Check out the details on their blog.

You can check your version of sudo is vulnerable with: $ sudoedit -s Y. If it asks for your password it's most likely vulnerable, if it prints usage information it isn't. You can downgrade to the vulnerable version on Ubuntu 20.04 for testing purposes with $ sudo apt install sudo=1.8.31-1ubuntu1

Usage

$ make

$ ./exploit "Command"

About

CVE-2021-3156非交互式执行命令

Resources

Readme
Activity

Stars

198 stars

Watchers

6 watching

Forks

42 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages