This is an exploit for the CVE-2021-3156
sudo vulnerability (dubbed Baron Samedit by Qualys).
build:
$ make
list targets:
$ ./sudo-hax-me-a-sandwich
run:
$ ./sudo-hax-me-a-sandwich <target_number>
Send (sensible) PR's, I might merge.
Some ideas:
- More targets
- Target finding
- Other exploitation strategies
- More self contained functionality:
- Embed shared library hax.c (Make it small please, ELF golf + asm setuid/execve stub)
- Add mkdir logic to hax.c
- Directory/shared library cleanup