POC详情: 08a97c1359497432f777262fcdb900e3d363a680

来源
https://github.com/chaudharyarjun/LooneyPwner
关联漏洞
标题: glibc 缓冲区错误漏洞 (CVE-2023-4911)
描述:glibc(GNU C Library)是GNU计划所实现的C标准库。 glibc存在缓冲区错误漏洞,该漏洞源于动态加载程序ld.so存在缓冲区溢出漏洞。
描述
Exploit tool for CVE-2023-4911, targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.
介绍
# LooneyPwner

Exploit tool for CVE-2023-4911, targeting the 'Looney Tunables' glibc vulnerability in various Linux distributions.

LooneyPwner is a proof-of-concept (PoC) exploit tool targeting the critical buffer overflow vulnerability, nicknamed "Looney Tunables," found in the GNU C Library (glibc). This flaw, officially tracked as CVE-2023-4911, is present in various Linux distributions, posing significant risks, including unauthorized data access and system alterations.

# Vulnerability Background

The vulnerability in the GNU C Library (glibc) was disclosed last week, with notable security researchers and analysts releasing PoC exploits, indicating the potential for widespread attacks. The flaw, discovered by Qualys researchers, can grant attackers root privileges on various Linux distributions including Fedora, Ubuntu, and Debian.

Unauthorized root access provides attackers unrestricted authority, enabling them to:

   * Modify, delete, or steal sensitive data.
   * Install malicious software or backdoors.
   * Facilitate ongoing attacks that may remain undetected for extended periods.
   * Cause data breaches, accessing customer data, intellectual property, and financial records.
   * Disrupt critical system operations, potentially causing service outages and harming an organization's reputation.

# Tool Capabilities


LooneyPwner exploits the "Looney Tunables" flaw, targeting affected glibc versions. The tool:

   * Detects the installed glibc version.
   * Checks for vulnerability status.
   * Offers an option for exploitation if vulnerable.

# Usage

```bash
chmod +x looneypwner.sh
./looneypwner.sh
```
![looney](https://github.com/chaudharyarjun/LooneyPwner/assets/66072013/0c48c4a6-d3bd-407d-943d-736a337b5830)

# Disclaimer

This tool is intended for educational purposes and security research only. The user assumes all responsibility for any damages or misuse resulting from its use.

# Credits

This exploit code is based on the work of [leesh3288](https://github.com/leesh3288/CVE-2023-4911). A big thanks to him for the foundational work on the exploit.
文件快照

 [4.0K]  /data/pocs/08a97c1359497432f777262fcdb900e3d363a680
├── [ 34K]  LICENSE
├── [7.1K]  looneypwner.sh
└── [2.1K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。