This repository was created for study purposes. The project contains some tools for studying the sudo Baron Samedit vulnerability and an exploit for it. Thanks to the Qualys team for discovering the vulnerability, and to Worawit and 0xdevil for the interesting writeups.

The Docker directory contains a Docker container used for studying some parts of the vulnerability:
- Use `make all` to start the container.
- Use `make root` to open a shell as root.
- Use `make user` to open a shell as user.

Note that the exploit will not work in the Docker container, at least not on `Mac OS Big Sur` with `docker-machine`.

The environment directory contains `debug.py` and `gdb_config`, used for debugging sudo. The subdirectory `src` contains some parts of the source code.

The `source` directory contains all the sudo code.

The `exploit` directory contains the Python exploit developed for this project and the malicious library used to spawn a root shell.
- Compile the C program: `gcc -shared -o X1234.so.2 -fPIC X1234.c`
- Run the exploit: `python3 exploit.py`
- Enjoy the root shell

The exploit was tested on:
- Ubuntu 20.04
- `ldd (Ubuntu GLIBC 2.31-0ubuntu9) 2.31 Copyright (C) 2020 Free Software Foundation, Inc.`
- sudo version: 1.8.31

It may not work on other versions. In that case, just try to change some numbers in the code.