MCPcopy Index your code
hub / github.com/blasty/CVE-2021-3156

github.com/blasty/CVE-2021-3156 @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
3 symbols 4 edges 2 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

CVE-2021-3156 PoC

Introduction

This is an exploit for the CVE-2021-3156 sudo vulnerability (dubbed Baron Samedit by Qualys).

Usage

build:

$ make

list targets:

$ ./sudo-hax-me-a-sandwich

run:

$ ./sudo-hax-me-a-sandwich <target_number>

manual mode:

$ ./sudo-hax-me-a-sandwich <smash_len_a> <smash_len_b> <null_stomp_len> <lc_all_len>

Bruteforce target finding (experimental)

Make sure you have GNU parallel installed.

$ make brute
$ ./brute.sh <smash_start> <smash_end> <null_start> <null_end> <lc_start> <lc_end>

some defaults to try:

$ ./brute.sh 90 120 50 70 150 300

Will eat up all available cores. Don't try to netflix & brute.

Contributing

Send (sensible) PR's, I might merge.

Some ideas: * More targets * Target finding * Other exploitation strategies * More self contained functionality: * Embed shared library hax.c (Make it small please, ELF golf + asm setuid/execve stub) * Add mkdir logic to hax.c * Directory/shared library cleanup

Core symbols most depended-on inside this repo

usage
called by 1
hax.c
_init
called by 0
lib.c
main
called by 0
hax.c

Shape

Function 3

Languages

C100%

Modules by API surface

hax.c2 symbols
lib.c1 symbols

For agents

$ claude mcp add CVE-2021-3156 \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact