hackerhouse-opensource / exploits

exploits and proof-of-concept vulnerability demonstration files from the team at Hacker House
https://hacker.house

hfsunsshdx.tgz fails to compile using gcc v4.8.5 #1

Closed sskras closed 3 years ago

sskras commented 4 years ago
$ make
gcc main.c -o hfsunsshdx -lssh2
main.c: In function ‘prepare_payload’:
main.c:308:3: error: ‘for’ loop initial declarations are only allowed in C99 mode
   for(int i =0;i <= (512 - len);i++){
   ^
main.c:308:3: note: use option -std=c99 or -std=gnu99 to compile your code
make: *** [hfsunsshdx] Error 1

The mentioned addition is enough for compilation to succeed:

--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 all: hfsunsshdx

 hfsunsshdx: main.c
-       gcc main.c -o hfsunsshdx -lssh2
+       gcc main.c -o hfsunsshdx -lssh2 -std=c99

 clean:
        rm -rf hfsunsshdx
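Review bot: the new `gcc` line in the `hfsunsshdx:` rule hardcodes `-std=c99`, which the maintainer reports triggers errors with gcc 8 and later, so as written the patch trades one compiler's failure for another's. The compiler's own note in the reported error lists `-std=gnu99` as an alternative; it enables the C99 for-loop declarations that caused the error while keeping GNU extensions, so `gcc main.c -o hfsunsshdx -lssh2 -std=gnu99` is the less disruptive change. Putting the flag in a `CFLAGS` variable (for example `CFLAGS ?= -std=gnu99` and `gcc $(CFLAGS) main.c -o hfsunsshdx -lssh2`) would also let users of newer gcc override it from the command line instead of editing the Makefile.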
hackerhouse-opensource commented 3 years ago

Hi sskras, thank you for the suggestion. I looked into making this change, but as this is for an older version of gcc, it would require re-writing portions of the exploit code to prevent errors in later versions of gcc from 8 onwards. Thank you for the suggested fix; if someone wishes to compile it with older versions of gcc, they can apply the -std=c99 argument to the compile flags.

hackerhouse-opensource commented 3 years ago

Hi blacklat, depending on the hypervisor in use, and arbitrarily on some hardware, the base address of components such as the libc virtual address may be offset. This is documented and described behavior in our blog post, which you can read through to understand how the exploit works and port it to your own target if needed. We have successfully used this exploit across numerous systems and hypervisors. Unlike the metasploit module, which uses ret-into-libc and has only a single address to calculate an offset for, our exploit uses ROP chains which use many hardcoded addresses that can be disrupted. The exploit has failed for you due to this known behavior, which is still being investigated, as the cause for the address change is not known, as described in our blog here: https://hacker.house/lab/cve-2020-18471/