Giters

liamg / traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Exploit CVE-2022-0847 terminates with error

drtha opened this issue · comments

commented

Hi,

I am using the command: ./traitor --exploit kernel:CVE-2022-0847

It seem to work, but terminates with an error: [+][error] Exploit failed: invalid password (see below).

In /etc/passwd: traitor4242❌1001:1001:CVE-2021-3560,,,:/home/traitor4242:/bin/bash
In /etc/shadow: traitor4242:!:19092:0:99999:7:::
In /etc/group: sudo❌27:thomas,traitor4242

Is there a reason, why it terminates with an error ?
Thanks for help
Thomas

▀█▀ █▀█ ▄▀█ █ ▀█▀ █▀█ █▀█
░█░ █▀▄ █▀█ █ ░█░ █▄█ █▀▄ v0.0.0
https://github.com/liamg/traitor

[+] Assessing machine state...
[+] Checking for opportunities...
[+][kernel:CVE-2022-0847] Kernel version 5.13.0 is vulnerable!
[+][kernel:CVE-2022-0847] Opportunity found, trying to exploit it...
[+][kernel:CVE-2022-0847] Attempting to set root password...
[+][kernel:CVE-2022-0847] Opening '/etc/passwd' for read...
[+][kernel:CVE-2022-0847] Creating pipe...
[+][kernel:CVE-2022-0847] Determining pipe size...
[+][kernel:CVE-2022-0847] Pipe size is 65536.
[+][kernel:CVE-2022-0847] Filling pipe...
[+][kernel:CVE-2022-0847] Draining pipe...
[+][kernel:CVE-2022-0847] Pipe drained.
[+][kernel:CVE-2022-0847] Splicing data...
[+][kernel:CVE-2022-0847] Writing to dirty pipe...
[+][kernel:CVE-2022-0847] Write of '/etc/passwd' successful!
[+][kernel:CVE-2022-0847] Starting shell...
[+][kernel:CVE-2022-0847] Please exit the shell once you are finished to ensure the contents of /etc/passwd is restored.
[+][kernel:CVE-2022-0847] Setting up tty...
[+][kernel:CVE-2022-0847] Attempting authentication as root...
[+][kernel:CVE-2022-0847] Restoring contents of /etc/passwd...
[+][kernel:CVE-2022-0847] Opening '/etc/passwd' for read...
[+][kernel:CVE-2022-0847] Creating pipe...
[+][kernel:CVE-2022-0847] Determining pipe size...
[+][kernel:CVE-2022-0847] Pipe size is 65536.
[+][kernel:CVE-2022-0847] Filling pipe...
[+][kernel:CVE-2022-0847] Draining pipe...
[+][kernel:CVE-2022-0847] Pipe drained.
[+][kernel:CVE-2022-0847] Splicing data...
[+][kernel:CVE-2022-0847] Writing to dirty pipe...
[+][kernel:CVE-2022-0847] Write of '/etc/passwd' successful!
[+][error] Exploit failed: invalid password
[+] Continuing to look for opportunities
[+] Nothing found to exploit.
thomas@thomas-ThinkPad-E15:~/traitor$

commented

Hi,
was the prob solved? I met the same error on target machine, wonder a remedy method.