Created
January 20, 2020 13:22
-
-
Save filipochnik/edbbf8e1eac56057d2a521840461639d to your computer and use it in GitHub Desktop.
glibc/resolv race PoC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nameserver 127.0.0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nameserver 127.0.0.53 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdlib.h> | |
| #include <unistd.h> | |
| #include <stdio.h> | |
| #include <netdb.h> | |
| #include <sys/socket.h> | |
| #include <netinet/in.h> | |
| #include <arpa/inet.h> | |
| static int renamer_running = 0; | |
| void start_renamer() | |
| { | |
| system("sudo ./renamer &"); | |
| renamer_running = 1; | |
| } | |
| void stop_renamer() | |
| { | |
| system("sudo killall -signal SIGINT renamer"); | |
| renamer_running = 0; | |
| } | |
| int main() | |
| { | |
| int fails = 0; | |
| start_renamer(); | |
| while (1) | |
| { | |
| if (gethostbyname("google.com")) | |
| { | |
| printf("Hostname resolved, exiting\n"); | |
| break; | |
| } | |
| else | |
| { | |
| fails++; | |
| printf("Failed to resolve hostname %d times\n", fails); | |
| } | |
| if (renamer_running) | |
| { | |
| stop_renamer(); | |
| } | |
| sleep(1); | |
| } | |
| return 0; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #define _GNU_SOURCE | |
| #include <unistd.h> | |
| #include <linux/fs.h> | |
| #include <sys/syscall.h> | |
| #include <stdio.h> | |
| #include <signal.h> | |
| static volatile int keepRunning = 1; | |
| void intHandler(int dummy) | |
| { | |
| keepRunning = 0; | |
| } | |
| static void renameat2(const char* src, const char* dst) | |
| { | |
| syscall(SYS_renameat2, 0, src, 0, dst, RENAME_EXCHANGE); | |
| } | |
| int main () | |
| { | |
| char resolv[] = "/etc/resolv.conf"; | |
| char tmp[] = "/etc/resolv.tmp.conf"; | |
| signal(SIGINT, intHandler); | |
| while (keepRunning) | |
| { | |
| renameat2(resolv, tmp); | |
| renameat2(resolv, tmp); | |
| } | |
| return (0); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| while (true); do echo "\n\n\nxxxxxxxxxx RESTARTING xxxxxxxxxx"; ./main; done; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment