[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-81928":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":5,"homepage":8,"htmlUrl":8,"language":9,"languages":8,"totalLinesOfCode":8,"stars":10,"forks":11,"watchers":12,"openIssues":13,"contributorsCount":13,"subscribersCount":13,"size":13,"stars1d":13,"stars7d":14,"stars30d":14,"stars90d":13,"forks30d":13,"starsTrendScore":13,"compositeScore":15,"rankGlobal":8,"rankLanguage":8,"license":8,"archived":16,"fork":16,"defaultBranch":17,"hasWiki":18,"hasPages":16,"topics":19,"createdAt":8,"pushedAt":8,"updatedAt":20,"readmeContent":21,"aiSummary":22,"trendingCount":13,"starSnapshotCount":13,"syncStatus":23,"lastSyncTime":24,"discoverSource":25},81928,"CVE-2026-46333","0xBlackash\u002FCVE-2026-46333","0xBlackash",null,"C",31,7,26,0,5,42.71,false,"main",true,[],"2026-06-12 04:01:36","\u003Cdiv align=\"center\">\n\n# 🚀 CVE-2026-46333 - ssh-keysign-pwn\n\n\u003Cimg width=\"1774\" height=\"887\" alt=\"ChatGPT Image May 17, 2026, 11_32_19 AM\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fe9c56fe8-40a3-41f3-90f8-90df124c702e\" \u002F>\n\n**High-quality Proof of Concept** for the Linux kernel race condition vulnerability\n\n![Linux](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FOS-Linux-000000?style=for-the-badge&logo=linux)\n![Kernel](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FKernel-≤6.15-orange?style=for-the-badge)\n![Exploit](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FExploit-Working-success?style=for-the-badge)\n![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green?style=for-the-badge)\n\n\u003C\u002Fdiv>\n\n**A clean and reliable proof-of-concept exploit for CVE-2026-46333** — Local information disclosure via race condition in the Linux kernel's process exit path.\n\n---\n\n## 🖼️ Screenshot\n\n\u003Cimg width=\"1920\" height=\"952\" alt=\"CVE-2026-46333\" 
src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fe3f4fcb2-5fa7-4f1d-b1f9-39ee0b72f3be\" \u002F>\n\n*Successfully stealing SSH host private key and \u002Fetc\u002Fshadow on Kali Linux*\n\n---\n\n## 📌 About the Vulnerability\n\n**CVE-2026-46333** (also known as **ssh-keysign-pwn**) is a race condition in the Linux kernel's `ptrace` and process exit logic (`do_exit()` → `exit_mm()` before `exit_files()`).\n\nWhen a privileged process (e.g. SUID `ssh-keysign` or `chage`) has `mm == NULL` during exit, the dumpability check is bypassed, allowing an unprivileged local attacker to use `pidfd_getfd()` to steal open file descriptors.\n\n**Impact**:  \n- Steal SSH host private keys (`\u002Fetc\u002Fssh\u002Fssh_host_*_key`)\n- Dump `\u002Fetc\u002Fshadow`\n- Potential for further attacks using stolen credentials\n\n**Discovered by**: Qualys  \n**Fixed in**: Kernel commit `31e62c2ebbfdc3fe3dbdf5e02c92a9dc67087a3a` (May 2026)\n\n---\n\n## ✨ Features\n\n- Original clean code (not copied from existing repos)\n- High success rate\n- Two working exploits:\n  - SSH Host Private Key Stealer\n  - `\u002Fetc\u002Fshadow` Stealer via `chage`\n- Clean output with progress feedback\n- No external dependencies\n- Well commented\n\n---\n\n## 🛠️ Usage\n\n### 1. Clone & Build\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002F0xBlackash\u002FCVE-2026-46333.git\ncd CVE-2026-46333\n```\n\n### 2. Run SSH Host Key Exploit\n\n```bash\nsudo .\u002FCVE-2026-46333\n```\n\n### 3. 
Run Shadow File Exploit\n\n```bash\nsudo .\u002FCVE-2026-46333-shadow\n```\n\n---\n\n## 📂 Files\n\n| File                        | Description                              |\n|----------------------------|------------------------------------------|\n| `cve-2026-46333.c`         | SSH host private keys stealer            |\n| `cve-2026-46333-shadow.c`  | `\u002Fetc\u002Fshadow` stealer via chage          |\n| `README.md`                | This file                                |\n\n---\n\n## 📖 Example Output\n\n**SSH Key Stealer:**\n```bash\n[+] SUCCESS! Stolen fd 3 -> \u002Fetc\u002Fssh\u002Fssh_host_ecdsa_key (round 0)\n-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAAB...\n```\n\n**Shadow Stealer:**\n```bash\n[+] SUCCESS! Stolen \u002Fetc\u002Fshadow (round 0)\nroot:*:19953:0:99999:7:::\nkali:$y$j9T$zY1oKFxJlTgP2WcJhzbNl1$...\n```\n\n---\n\n## 🛡️ Mitigation\n\n- Update your kernel to **any version containing commit `31e62c2ebbfd...`**\n- Recommended: Use latest stable kernel from your distribution\n- Disable `EnableSSHKeysign` in `sshd_config` if not needed\n\n---\n\n## ⚠️ Legal Disclaimer\n\nThis exploit is for **educational and security research purposes only**.  \nUse it **only on systems you own or have explicit written permission** to test.  
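\nThe author is not responsible for any misuse or damage.\n\n---\n\n## ⭐ Credits\n\n- Vulnerability: Qualys\n- PoC Development: Ashraf Zaryouh \"0xBlackash\"\n- Original Research: Various kernel researchers\n\n---\n\n## 📜 License\n\nThis project is licensed under the **MIT License** — feel free to use, modify, and distribute.\n\n---\n\n**Made with ❤️ for the security community**\n\n*Keeping systems updated is the best defense.*\n","This project provides a high-quality proof-of-concept for CVE-2026-46333, a race condition in the Linux kernel that allows local information disclosure. Its core functionality is stealing SSH host private keys and the `\u002Fetc\u002Fshadow` file by exploiting a race condition in `ptrace` and the process exit logic. Its technical characteristics are original clean code, a high success rate, no external dependencies, and clear progress feedback. It is intended for security researchers testing system security in controlled environments or for educational purposes, helping them understand the impact of this class of vulnerability and how it is fixed.",2,"2026-06-11 04:07:14","CREATED_QUERY"]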