Pwnedit - CVE-2021-3156 - Sudo Baron Samedit

Related tags

Miscellaneous pwnedit
Overview

pwnedit

CVE-2021-3156 - Sudo Baron Samedit

Before heading into the technical details, you can watch a brief summary here: https://www.youtube.com/watch?v=TLa2VqcGGEQ

Episodes

Full playlist on YouTube here.

  • [ Files | Blog | Video ] Why Pick sudo as Research Target?
  • [ Files | Blog | Video ] How Fuzzing with AFL works
  • [ Files | Blog | Video ] Troubleshooting AFL Fuzzing Problems
  • [ Files | Blog | Video ] Finding Buffer Overflow with Fuzzing
  • [ Files | Blog | Video ] Found a Crash Through Fuzzing? Minimize AFL Testcases
  • [ Files | Blog | Video ] Root Cause Analysis With AddressSanitizer (ASan)
  • [ Files | Blog | Video ] Understanding C Pointer Magic Arithmetic
  • [ Files | Blog | Video ] Reaching Vulnerable Code in sudo (C code review)
  • ... coming soon

Requirements

Install Docker and make sure it is running with docker ps.

Usage Instructions

Each episode folder contains files and code snippets used in the video. Most important is the Dockerfile, which can be used to run an isolated system vulnerable to the sudoedit vulnerability.

If you want to betetr understand how docker works, checkout these videos:

This project uses a Makefile in each episode, to easier work with docker. You can build and run a particular episode's docker container with thes follwing commands.

cd episode01
sudo make

To get a root shell you can then run

sudo make root

Or be a regular user

sudo make attach

Feel free to check the Makefile and execute the docker commands directly.

You might also like...
CVE-2021-24084 Windows Local Privilege Escalation Left officially unpatched since 2020. Hence, its still a zero day

WindowsMDM-LPE-0Day Works best on Windows 11 CVE-2021-24084 Windows Local Privilege Escalation Left officially unpatched since 2020. Hence, its still

Exploit Blizzard 35 Nov 9, 2022
Plex media server local privilige escalation poc - CVE-2021-42835

Local Privilege PlEXcalasion - CVE-2021-42835 Plex Media Server for Windows prior to version 1.25.0.5282, vulnerable to Time Of Check Time Of Use (TOC

null 6 May 24, 2022
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell Exploit for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a

Oliver Lyak 437 Dec 31, 2022
Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB exploit

Gex is an iOS 14.7 jailbreak using CVE-2021-30807 IOMFB exploit rest of this readme is from jsherman212's exploit repo and probably stuff that is abou

Connor 5 Apr 19, 2022
Linux system service bug gives root on all major distros, exploit published A vulnerability in the pkexec component of Polkit identified as CVE-2021-4034 PwnKit is present in the default configuration of all major Linux distributions and can be exploited to gain privileges over the compj researchers.

CVE-2021-4034 Exploit Usage $ git clone https://github.com/Anonymous-Family/CVE-2021-4034.git $ cd CVE-2021-4034 $ make [!] CVE-2021-4034 Exploit By w

Anonymous Family 2 Jan 26, 2022
CVE-2021-4034 POC and Docker and Analysis write up
CVE-2021-4034 POC and Docker and Analysis write up

CVE-2021-4034 POC and Docker and Analysis write up

breeze 9 Oct 22, 2022
This repository contains an exploit of CVE-2021-4034, a local privilege escalation in pkexec

pwnkit (CVE-2021-4034) Privilege Escalation exploit sample This repository contains an exploit of CVE-2021-4034, a local privilege escalation in pkexe

Peter Gottesman 29 Dec 20, 2022
CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept
CVE-2021-4034: Local Privilege Escalation in polkit's pkexec proof of concept

CVE-2021-4034 Proof of Concept Qualys researches found a pretty cool local privilege escalation vulnerability in Polkit's pkexec: writeup, tweet. This

Marco Bonelli 20 Jun 22, 2022
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation
Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation

PwnKit Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege Escalation Usage Should work out of the box on Linux distributions based on U

Oliver Lyak 702 Dec 28, 2022
Comments
  • Typo in Epsidoe01 Readme

    Typo in Epsidoe01 Readme

    Commands section.

    Commands

    To setup the container for this episode, unpack the sudo source code in the current episode01 directory. Then you can run the container with make run and get a shell insode the container with make root. The extracted sudo source code is now available in /pwd/sudo-1.8.31p2.

    should be changed to:

    Commands

    To setup the container for this episode, unpack the sudo source code in the current episode01 directory. Then you can run the container with make run and get a shell inside the container with make root. The extracted sudo source code is now available in /pwd/sudo-1.8.31p2.

    opened by Mickhat 0
  • Fix a mistype that results in a bug

    Fix a mistype that results in a bug

    Hello, the first chapter's README ("episode01") - in the "Commands" header, has a little mistype that results in AFL complaining:

    PROGRAM ABORT : Multiple -i options not supported
Location : main(), afl-fuzz.c:7804

    Please fix it by changing the second option to -o instead of repeating -i 2 times in the following line:

    afl-fuzz -i /tmp/in -i /tmp/out ./src/sudo

    to:

    afl-fuzz -i /tmp/in -o /tmp/out ./src/sudo

    opened by talsim 0
Owner
wannabe hacker...
null
GitHub
Small Linux ransomware with no sudo requirement.

Info This is a little project made by me which encrypts the entire home directory and plays for you Blackjack. If you lose, your data stays encrypted

Scripted 2 Dec 2, 2021
Exploit to SYSTEM for CVE-2021-21551

CVE-2021-21551 Exploit to SYSTEM for CVE-2021-21551 SpoolPrinter Privesc using SeImpersonatePrivileges was made thanks to

null 237 Dec 14, 2022
PoC for CVE-2021-28476 a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys.

CVE-2021-28476: a guest-to-host "Microsoft Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys. This is a proof of concept for CVE-2021-28476

Axel Souchet 208 Nov 26, 2022
a reliable C based exploit for CVE-2021-3560.

CVE-2021-3560 a reliable C based exploit for CVE-2021-3560. Summary: Yestreday i stumbled upon this blog post by Kevin Backhouse (discovered this vuln

hakivvi 34 Jun 21, 2022
Local Privilege Escalation Edition for CVE-2021-1675

Local Privilege Escalation Edition of CVE-2021-1675/CVE-2021-34527 Local Privilege Escalation implementation of the CVE-2021-1675/CVE-2021-34527 (a.k.

Halil Dalabasmaz 334 Jan 5, 2023
PoC (DoS) for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)

CallbackHell DoS PoC for CVE-2021-40449 (Win32k - LPE) CallbackHell Description Technical Writeup PoC References Description CVE-2021-40449 is a use-a

Oliver Lyak 437 Dec 31, 2022
My exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal.

CVE-2021-40449 My exploit for CVE-2021-40449, a Windows LPE via a UAF in win32kfull!GreResetDCInternal. short wu along with the UAF vulnerabilty other

hakivvi 32 Nov 29, 2022
Exploit for CVE-2021-40449

CVE-2021-40449 More info here: https://kristal-g.github.io/2021/11/05/CVE-2021-40449_POC.html Compiling I did a bit of a hack with the MinHook library

null 49 Dec 23, 2022
CVE-2021-1675 (PrintNightmare)

CVE-2021-1675(PrintNightmare) system shell poc for CVE-2021-1675 (Windows Print Spooler Elevation of Privilege) credit: Zhiniang Peng (@edwardzpeng) &

valen 72 Nov 8, 2022
Exploit for CVE-2021-30807

Write up is here: https://jsherman212.github.io/2021/11/28/popping_ios14_with_iomfb.html Exploit for CVE-2021-30807. If you really want to build a jai

Justin Sherman 125 Dec 25, 2022