CVE-2021-22555

Published: 07/07/2021 Updated: 31/03/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 414
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A heap out-of-bounds write affecting Linux since v2.6.19-rc1 exists in net/netfilter/x_tables.c. This allows a malicious user to gain privileges or cause a DoS (via heap memory corruption) through a user namespace.

Vulnerable Products

linux linux kernel
brocade fabric operating system
netapp fas_8300_firmware
netapp fas_8700_firmware
netapp aff_a400_firmware
netapp aff_a250_firmware
netapp aff_500f_firmware
netapp h610c_firmware
netapp h610s_firmware
netapp h615c_firmware
netapp hci management node
netapp solidfire

Vendor Advisories

A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41 (CVE-2019-19060). A bypass was found for the Spectre v1 hardening in the eBPF engine of the Linux kernel. The code in the kernel/bpf/verifier ...
No description is available for this CVE ...
A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through a user name space ...

Exploits

A heap out-of-bounds write affecting Linux since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service (via heap memory corruption) through user name space. Kernels up to and including 5.11 are vulnerable ...
A heap out-of-bounds write affecting the Linux kernel since version 2.6.19-rc1 was discovered in net/netfilter/x_tables.c. This allows an attacker to gain privileges or cause a denial of service condition (via heap memory corruption) through user name space ...

Github Repositories

CVE-2021-22555 exploit rewritten with pipe primitive

CVE-2021-22555 pipe version. Using pipe-primitive to exploit CVE-2021-22555, so no kaslr leak nor smap smep kpti bypass is needed :) (Q: What is pipe-primitive? A: github.com/veritas501/pipe-primitive) Tested on both Linux 4.15 and Linux 5.8

A penetration toolkit for container environment

ctrsploit: A penetration toolkit for container environment. Chinese documentation. ctrsploit [kənˈteɪnər splɔɪt], follows sploit-spec v043. Why ctrsploit: see here. Pre-Built Release: github.com/ctrsploit/ctrsploit/releases. Self Build: Build in Container: make binary && ls -lah bin/release; Build in Local: make build-ctrsploi

Reproducer for CVE-2021-22555 as a container. First, this rolls in the exploit code from here as a handy pre-built container: github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555. Pre-built container: quay.io/cgwalters/cve-2021-22555. Mitigation: seccomp profiles. A strong mitigation is to enable seccomp that denies clone(CLONE_NEWUSER). The upstream K

CVE-2022-0995 exploit

CVE-2022-0995. This is my exploit for CVE-2022-0995, a heap out-of-bounds write in the watch_queue Linux kernel component. It uses the same technique described in google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html. The exploit targets Ubuntu 21.10 with kernel 5.13.0-37. The exploit is not 100% reliable, you may need to run it a couple of times. I

This repo hosts TUKRU's Linux Privilege Escalation exploit (CVE-2021-22555). It demonstrates gaining root privileges via a vulnerability. Tested on Ubuntu 5.8.0-48-generic and COS 5.4.89+. Use responsibly and ethically.

CVE-2021-22555. This repo hosts TUKRU's Linux Privilege Escalation exploit (CVE-2021-22555). It demonstrates gaining root privileges via a vulnerability. Tested on Ubuntu 5.8.0-48-generic and COS 5.4.89+. Use responsibly and ethically. CVE-2021-22555: Linux Privilege Escalation Exploit. This repository contains a Linux Privilege Escalation exploit for the CVE-2021-22555 v

Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation'

CVE-2021-22555 Linux Kernel 2.6.19 < 5.9 - 'Netfilter Local Privilege Escalation'

Script of Network Security Project - Attack on CVE-2021-22555

Project Name: CVE-2021-22555 attack script. Description: This project is an automatic attack tool implemented in Python. It performs various security tests and attacks on a target system running Ubuntu 20.04 with kernel version 5.8.0-48. The tool includes functionalities such as ping, live host detection, full open scan, SSH brute force, and exploitation of the CVE-2021-2255 vulne

LinuxKernelCVE. CVE: CVE-2021-22555. CVE Description: A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c. PoC: link

Implementation of privilege-escalation tools for Linux

CVE-2022-0995. Exploit for CVE-2022-0995. It uses a heap out-of-bounds write in the watch_queue component of the Linux kernel. A similar technique is described in this research: google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html. The exploit has been tested on Ubun

some interesting exploit articles

exploit_articles: CVE-2021-22555: Turning \x00\x00 into 10000$; Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched; How to mitigate CVE-2021-33909 Sequoia with Falco – Linux filesystem privilege escalation vulnerability; Bypassing Image Load Kernel Callbacks; Privilege escalation with polkit: How to get root

kernelAll. Language: English | Simplified Chinese. Compile any version of the kernel with just a few commands, adapted to run under qemu; a CVE environment build feature has also been added. However, this mainly depends on CVEs I have reproduced, and for now there is only CVE-2021-22555; also, the related gadget addresses, or the cred struct addresses, produced by different build environments may not be quite the

attachment and write up for D^3CTF 2023's pwn challenge - d3kcache

[D^3CTF 2023] d3kcache: From null-byte cross-cache overflow to infinite arbitrary read & write in physical memory space. 0x00 Before we start. It may be my last time to design the Pwn challenge for D^3CTF before my undergraduate graduation. Although I have always wanted to come up with some good challenges, I have been too inexperienced to create anything particularly

A penetration toolkit for container environment

ctrsploit: A penetration toolkit for container environment. Chinese documentation. ctrsploit [kənˈteɪnər splɔɪt]. Why ctrsploit: see here. Pre-Built Release: github.com/ctrsploit/ctrsploit/releases. Self Build: Build in Container: make binary && ls -lah bin/release; Build in Local: make build-ctrsploit

vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.

vArmor: A Cloud Native Container Sandbox. English | Simplified Chinese. Introduction: vArmor is a cloud-native container sandbox system. It leverages Linux's AppArmor LSM, BPF LSM and Seccomp technologies to implement enforcers. It can be used to strengthen container isolation, reduce the kernel attack surface, and increase the difficulty and cost of container escape or lateral mov

CVE-2022-0995 exploit

CVE-2022-0995. CVE-2022-0995 exploit writeups. Exploit target: linux-5.13.18. References: docs.kernel.org/core-api/watch_queue.html#overview, bsauce.github.io/2022/04/15/CVE-2022-0995/, google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html, github.com/Bonfee/CVE-2022-0995. How to build: gcc -o exploit exploit.c

a new cfi mechanism

struct_san - struct sanitizer. Introduction: struct_san is a vulnerability-defense tool that dynamically checks function pointers in kernel structs. Industry protection of struct function pointers has focused mainly on Control-Flow Integrity (CFI), that is, on the control flow rather than the data flow; for example, some CFI schemes validate function pointers by type checking, so if a pointer is modified to point to a function of the same type then

Really good cybersec reading materials.

really-good-cybersec: Really good cybersec reading materials. Implementing a toy version of TLS 1.3: jvns.ca/blog/2022/03/23/a-toy-version-of-tls/; tmpout.sh: tmpout.sh/2/; Logic Flaw Leading to RCE in Dynamicweb 9.5.0 - 9.12.7: blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/; RWCTF 4th Desperate Cat Writeup: github.com/voidfyoo/rwctf-4th