CVE-2021-3156非交互式执行命令

Overview

CVE-2021-3156

2021-02-10-02-18-07

This is a warehouse modification based on @CptGibbon and supports arbitrary command execution.

相关阅读:CVE-2021-3156 - Exploit修改

Root shell PoC for CVE-2021-3156 (no bruteforce)

For educational purposes etc.

Tested on :

  • @CptGibbon Ubuntu 20.04 against sudo 1.8.31
  • @Rvn0xsy Ubuntu 17.10

All research credit: Qualys Research Team Check out the details on their blog.

You can check your version of sudo is vulnerable with: $ sudoedit -s Y. If it asks for your password it's most likely vulnerable, if it prints usage information it isn't. You can downgrade to the vulnerable version on Ubuntu 20.04 for testing purposes with $ sudo apt install sudo=1.8.31-1ubuntu1

Usage

$ make

$ ./exploit "Command"

You might also like...
C++ Implementation of "An Equivariant Filter for Visual Inertial Odometry", ICRA 2021

EqF VIO (Equivariant Filter for Visual Inertial Odometry) This repository contains an implementation of an Equivariant Filter (EqF) for Visual Inertia

Offical repo for
Offical repo for "Moynihan, M., Ruano, S., Pagés, R. and Smolic, A., 2021. Autonomous Tracking For Volumetric Video Sequences"

MeshTracker A segmentation-based tracking algorithm for registering volumetric video meshes (ply/obj) in C++. This is the official implementation of t

Python and C++ implementation of
Python and C++ implementation of "MarkerPose: Robust real-time planar target tracking for accurate stereo pose estimation". Accepted at LXCV Workshop @ CVPR 2021.

MarkerPose: Robust Real-time Planar Target Tracking for Accurate Stereo Pose Estimation This is a PyTorch and LibTorch implementation of MarkerPose: a

Repository to keep track of progress; Started learning C on 2nd September 2021.

Repository to keep track of progress. I started learning C on 2nd September 2021. The future: I plan on turning this repository into a tutorial with c

[CVPR 2021] NormalFusion: Real-Time Acquisition of Surface Normals for High-Resolution RGB-D Scanning

NormalFusion: Real-Time Acquisition of Surface Normals for High-Resolution RGB-D Scanning Project Page | Paper | Supplemental material #1 | Supplement

The code for C programming 2021, Department of Computer Science, National Taiwan University.

C2021 .c for sousce code, .in for input file, and .out for correct output. The numbers are the problem indices in the judge system. "make number" to m

Mixed reality VR laser tag using Oculus Quest 2 and OAK-D depth cameras. First prize winner for North America region in OpenCV AI Competition 2021.
Mixed reality VR laser tag using Oculus Quest 2 and OAK-D depth cameras. First prize winner for North America region in OpenCV AI Competition 2021.

Mixed Reality Laser Tag Copyright 2021 Bart Trzynadlowski Overview This is the source code to my Mixed Reality Laser Tag project, which won first priz

 Real-time Skeletonization for Sketch-based Modeling (SMI:2021)
Real-time Skeletonization for Sketch-based Modeling (SMI:2021)

Real-time Skeletonization for Sketch-based Modeling (SMI:2021) Demo We provide an executable software under directory "demo_exe/". Tested Environment

Real-Time Neural 3D Hand Pose Estimation from an Event Stream [ICCV 2021]

EventHands: Real-Time Neural 3D Hand Pose Estimation from an Event Stream Project Page Index TRAIN.md -- how to train the model from scratch EVAL_REAL

Comments
  • Debian9

    Debian9

    I'm trying to make it working on my lab with debian9 (ubuntu 17.10 is based on debian9) without success. Is there some parameter that I should check?

    Sudo version 1.8.19p1 Sudoers policy plugin version 1.8.19p1 Sudoers file grammar version 45 Sudoers I/O plugin version 1.8.19p1 libc version 2.24-11+deb9u4

    opened by Lussien 0
Owner
倾旋
知者不惑,仁者不忧,勇者不惧。
倾旋
PoC for CVE-2021-3156 (sudo heap overflow)

CVE-2021-3156 PoC for CVE-2021-3156 (sudo heap overflow). Exploit by @gf_256 aka cts. Thanks to r4j from super guesser for help. Credit to Braon Samed

Stephen Tong 431 Nov 9, 2022
Investigating the bug behind CVE-2021-26708

vsock_poc Investigating the bug behind CVE-2021-26708 This repo contains a small writeup about CVE-2021-26708, and how this bug can be turned into a U

Jordan 25 Sep 19, 2022
2021/3/30 ~ 2021/7/12 に行われる企画「競プロ典型 90 問」の問題・解説・ソースコードなどの資料をアップロードしています。

競プロ典型 90 問 日曜を除く毎朝 7:40 に競プロやアルゴリズムの教育的な問題を Twitter(@e869120)に投稿する企画です。 本企画は、2021 年 3 月 30 日から 7 月 12 日まで行われる予定です。 企画の目的 「競プロ典型 90 問」は、競プロ初級者から中上級者(レー

Masataka Yoneda 698 Nov 24, 2022
https://cve.mitre.org/

CVE-Mitre Download single CVE The variable is only for example ;) you can make your own SVN script for downloading a single folder = CVE =) BR @nu11se

nu11secur1ty 43 Nov 27, 2022
ICRA 2021 - Robust Place Recognition using an Imaging Lidar

Robust Place Recognition using an Imaging Lidar A place recognition package using high-resolution imaging lidar. For best performance, a lidar equippe

Tixiao Shan 290 Nov 14, 2022
Material for the UIBK Operating Systems Lab (2021)

UIBK Operating Systems Lab 2021 This repository contains material required to complete exercises for the OS lab in the 2021 summer semester, including

null 13 Nov 3, 2022
Aulas de Sistemas Operativos da turma LI42D no semestre de verão de 2020/2021

ISEL - Sistemas Operativos LI42D - Verão de 2021 Aulas de Sistemas Operativos da turma LI42D no semestre de verão de 2020/2021 Aulas Remotas em Direct

null 12 May 6, 2022
Official PyTorch Code of GrooMeD-NMS: Grouped Mathematically Differentiable NMS for Monocular 3D Object Detection (CVPR 2021)

GrooMeD-NMS: Grouped Mathematically Differentiable NMS for Monocular 3D Object Detection GrooMeD-NMS: Grouped Mathematically Differentiable NMS for Mo

Abhinav Kumar 76 Nov 6, 2022
Code and Data for our CVPR 2021 paper "Structured Scene Memory for Vision-Language Navigation"

SSM-VLN Code and Data for our CVPR 2021 paper "Structured Scene Memory for Vision-Language Navigation". Environment Installation Download Room-to-Room

hanqing 34 Aug 24, 2022
The official implementation of our CVPR 2021 paper - Hybrid Rotation Averaging: A Fast and Robust Rotation Averaging Approach

Graph Optimizer This repo contains the official implementation of our CVPR 2021 paper - Hybrid Rotation Averaging: A Fast and Robust Rotation Averagin

Chenyu 107 Nov 13, 2022