Fragnesia
CVE-2026-46300, also referred to as Fragnesia, is a Linux kernel networking flaw in net/skbuff handling. The bug is in skb_try_coalesce(), which can transfer paged fragments from one skb to another during coalescing but fails to preserve the SKBFL_SHARED_FRAG marker when the source skb contains externally owned or page-cache-backed fragments. As a result, the destination skb may still reference shared fragments while appearing unshared to later code paths. This breaks the invariant relied on by in-place writers that consult skb_has_shared_frag() before deciding whether copy-on-write handling such as skb_cow_data() is required. ESP input/XFRM processing is the identified downstream consumer: after TCP receive coalescing moves shared frags into an unmarked skb, ESP can observe skb_has_shared_frag() as false and decrypt in place over page-cache-backed fragments. The upstream fix propagates SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags; the linear tailroom copy path is not affected because it copies bytes rather than transferring frag descriptors.
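As an added illustration (constructed here, not code from this page or from the kernel), the following C model shows why dropping SKBFL_SHARED_FRAG during coalescing matters: the consumer's copy-before-write decision hinges on that single marker, so the buggy transfer lets an in-place write land on the shared page while the fixed transfer sends it to a private copy. The struct layout, the flag value and all function bodies are simplified assumptions; only the names mirror the kernel's.

```c
/* Constructed model of the Fragnesia invariant break (not kernel code): names
 * mirror the kernel's, the layout does not, and the flag value is assumed. */
#include <stdbool.h>
#include <string.h>
#define MAX_FRAGS 4
#define SKBFL_SHARED_FRAG 0x1

struct frag { unsigned char *page; int len; };
/* flags models skb_shinfo(skb)->flags; frags model the paged fragments. */
struct skb { unsigned flags; int nr_frags; struct frag frags[MAX_FRAGS]; };

/* Models skb_has_shared_frag(): the only signal in-place writers consult. */
bool skb_has_shared_frag(const struct skb *s) { return s->flags & SKBFL_SHARED_FRAG; }

/* Models the frag-transfer path of skb_try_coalesce(). propagate=false drops
 * the marker (the bug); propagate=true carries it over (the upstream fix). */
bool try_coalesce(struct skb *to, struct skb *from, bool propagate)
{
    if (to->nr_frags + from->nr_frags > MAX_FRAGS)
        return false;                    /* no room: coalesce declined */
    for (int i = 0; i < from->nr_frags; i++)
        to->frags[to->nr_frags++] = from->frags[i];
    if (propagate)
        to->flags |= from->flags & SKBFL_SHARED_FRAG;
    from->nr_frags = 0;
    return true;
}

/* Models an ESP-input-style consumer: copy first (as skb_cow_data would) only
 * when the marker says the frags are shared, then XOR one byte in place. */
void decrypt_in_place(struct skb *s, unsigned char *scratch, unsigned char v)
{
    unsigned char *dst = s->frags[0].page;
    if (skb_has_shared_frag(s)) {
        memcpy(scratch, dst, (size_t)s->frags[0].len);
        dst = scratch;                   /* write lands in the copy, not the page */
    }
    dst[0] ^= v;
}

/* Returns the first byte of the page-cache-backed page after the consumer ran:
 * 'A' if it stayed intact, 'A' ^ 0x19 == 'X' if the shared page was clobbered. */
unsigned char page_after_coalesce(bool propagate_flag)
{
    unsigned char page_cache[9] = "ABCDEFGH", scratch[9];
    struct skb from = { SKBFL_SHARED_FRAG, 1, { { page_cache, 8 } } };
    struct skb to = { 0, 0, { { NULL, 0 } } };
    try_coalesce(&to, &from, propagate_flag);
    decrypt_in_place(&to, scratch, 0x19);
    return page_cache[0];
}
```

Running the scenario twice, once per coalesce variant, is enough to see the invariant break: the same consumer code protects the page only when the marker survives the transfer.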
Exploits
6 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (9 hidden).
This repository is a standalone Go local privilege escalation exploit for CVE-2026-46300, not tied to a common exploitation framework. The codebase is compact: main.go orchestrates execution and namespace re-exec, esp.go installs an IPv6 loopback ESP-in-TCP XFRM security association via NETLINK_XFRM, trigger.go contains the core exploitation logic, and pty.go provides an interactive PTY bridge after successful escalation. README.md documents build and target OS information. The exploit's core capability is a byte-wise page-cache overwrite primitive against /usr/bin/su. It builds a 256-entry AES-GCM keystream lookup table, then for each byte that differs between the current file contents and an embedded 192-byte x86_64 ELF payload, it chooses an IV/nonce that yields the needed XOR keystream byte. It then triggers the vulnerable kernel path by creating a local TCP connection over IPv6 loopback to port 5556, splicing file-backed data from /usr/bin/su into the TCP path, and enabling TCP_ULP "espintcp" after the data is queued. The code comments state that this causes in-place AES-GCM decryption on queued data, corrupting the underlying page-cache page one byte at a time. Operationally, the exploit re-execs itself in new user and network namespaces using CLONE_NEWUSER|CLONE_NEWNET, maps the current user/group to namespace root, brings up loopback, installs the XFRM SA, builds the keystream table, and runs the byte-flip loop. After patching, it verifies marker bytes at offset 0x78 in /usr/bin/su. If successful, it launches su inside a fresh PTY and bridges the user terminal to it, attempting to obtain an interactive root shell. Because the payload is embedded and fixed rather than user-configurable, the exploit is best classified as OPERATIONAL rather than framework-grade weaponized. Fingerprintable observables include the target file /usr/bin/su, execution of su and /bin/bash, PTY device paths /dev/ptmx and /dev/pts/*, IPv6 loopback ::1, local TCP port 5556, use of NETLINK_XFRM, and the TCP ULP string espintcp. Overall, this is a real exploit implementation with a complete exploitation chain, not merely a detector or README.
This repository is a small self-contained Linux container exploit lab centered on `exploit.c`, with supporting Docker/test automation and example logs. The main exploit is a C program that performs two local/container-focused actions: (1) opens `/proc/1/ns/mnt` and invokes `setns()` to test whether it can join another mount namespace, representing a namespace escape attempt; and (2) creates an IPv4 TCP socket and invokes `setsockopt(..., IPPROTO_TCP, TCP_ULP, "tls", ...)` to reach the kernel TCP ULP code path associated in the repo with CVE-2026-46300. The code is not a remote exploit and contains no callback infrastructure, C2, or shell payload; instead it is an operational demonstration binary that reports success/failure based on syscall results and errno values. Repository structure: `exploit.c` contains the exploit logic; `Dockerfile` builds the binary into an Alpine-based container image; `run_exploit.sh` automates building the image and running it in two modes, an unmitigated privileged container and a mitigated container with `--cap-drop ALL` and `no-new-privileges`; `seccomp-profile.json` provides a restrictive syscall allowlist profile, though the helper script does not actually pass it to `docker run`; `README.md` documents the architecture and intended mitigations; the two `.log` files capture sample outputs; and the GitHub Actions workflow runs the helper script in CI and uploads the logs. Notable findings: the exploit targets local Linux/container primitives rather than network services; the only concrete filesystem target is `/proc/1/ns/mnt`; the TCP path does not connect to any remote host and simply exercises socket creation and a TCP ULP socket option. The included logs show `setns()` succeeding in the privileged container and being blocked in the hardened one, while `setsockopt(TCP_ULP)` still reaches the kernel in both sample logs, indicating that the mitigation script as written does not fully enforce the seccomp restrictions described in the README. Overall, this is a real exploit simulation / PoC-style lab for container hardening validation, not a fake exploit and not merely a detector.
This repository is a minimal local Linux privilege-escalation exploit consisting of one Bash script (`CVE-2026-3600.sh`) and a placeholder README. The script is not a scanner or detector; it actively attempts exploitation. Its purpose is to gain host root privileges from an unprivileged local account by abusing a cgroup v1 `release_agent` escape path from within a newly created user and network namespace. Operational flow: the script first verifies it is not already running as root and checks for required binaries (`unshare`, `mount`, `rmdir`, `ip`). It then creates a temporary shell payload under `/tmp/fragnesia.XXXXXX.sh`. That payload copies `/bin/bash` to `/tmp/.rootshell` and marks it setuid (`chmod 4755`), effectively creating a reusable root backdoor. Next, the exploit enters a new user+network namespace with `unshare --user --map-root-user --net bash`, brings up loopback, and attempts to mount a cgroup v1 memory controller at `/tmp/cg_escape`. It writes the payload path into `/tmp/cg_escape/release_agent`, creates a child cgroup, places the current process into it via `cgroup.procs`, enables `notify_on_release`, and removes the child cgroup to trigger the release handler. If successful, the host executes the payload as root and drops `/tmp/.rootshell`. The script then checks for that file and instructs the operator to run `/tmp/.rootshell -p` on the host. There are no network callbacks, remote C2 endpoints, or external downloads. All observables are local filesystem paths and namespace/cgroup interactions. The exploit is operational because it includes a working payload and exploitation logic, but it is not heavily modular or framework-based.
This repository is a standalone Go local privilege escalation exploit for the vulnerability labeled in comments as Fragnesia / CVE-2026-46300. It is not part of a common exploit framework. The codebase is compact and organized into four Go source files plus module metadata: main.go orchestrates execution and namespace re-exec, esp.go configures the kernel XFRM ESP-in-TCP security association over IPv6 loopback, trigger.go implements the keystream calculation and byte-by-byte page-cache corruption primitive, and pty.go provides an interactive PTY wrapper around su after exploitation. Core capability: the exploit abuses a kernel behavior where TCP_ULP espintcp is enabled after file-backed data has been splice()d into a TCP receive queue. The queued data is then AES-GCM processed in place, causing attacker-controlled XOR keystream bytes to be applied to the underlying page-cache page. The exploit uses this as a write primitive against /usr/bin/su. It first installs an ESP-in-TCP XFRM SA using NETLINK_XFRM with a hardcoded AES-128-GCM key and salt, then computes a 256-entry lookup table mapping desired keystream byte values to IV nonces. For each byte of a 192-byte embedded x86_64 ELF payload, it reads the current byte from /usr/bin/su, computes the needed XOR delta, selects a nonce producing that keystream byte, and triggers a local sender/receiver TCP pair over [::1]:5556. The sender writes an ESP-in-TCP prefix and splice()s file data from /usr/bin/su into the socket; the receiver later enables the espintcp ULP, causing in-place decryption/XOR on the queued page-cache-backed data. The exploit is clearly operational rather than a mere proof of concept because it contains a complete payload and post-exploitation flow. The embedded payload is a tiny ELF intended to execute /bin/sh as root. After patching, the program verifies marker bytes at offset 0x78 in /usr/bin/su, then launches su in a fresh PTY and bridges stdin/stdout to provide an interactive shell. It also auto-sends a blank newline if a password prompt appears. Notable implementation details: it uses CLONE_NEWUSER and CLONE_NEWNET to run the worker in isolated namespaces while mapping the current user/group to container root; it explicitly brings up the loopback interface in the new namespace; it hardcodes SPI 0x100, TCP encapsulation port 5556, and the espintcp ULP string; and it targets IPv6 loopback only. There are no external C2 or remote network endpoints; network activity is purely local and used as part of the exploitation primitive.
This repository is a small PoC-focused project containing one substantive exploit source file: pocs/fragnesia/fragnesia.c. The exploit is a real local privilege escalation PoC for a Linux kernel XFRM ESP-in-TCP page-cache corruption bug described as "Fragnesia," part of the Dirty Frag bug class. It is not a framework module and not merely a detector. Repository structure: the top-level README and LICENSE provide legal/research disclaimers; pocs/README.md is a placeholder; pocs/fragnesia/README.md contains the technical write-up, exploitation notes, mitigation guidance, and affected-version discussion; pocs/fragnesia/fragnesia.c contains the actual exploit implementation. Exploit purpose and flow: the code unshares into new user and network namespaces, gains CAP_NET_ADMIN within that namespace, installs an XFRM ESP-in-TCP security association via NETLINK_XFRM using a known AES-GCM key, and uses AF_ALG to precompute a lookup table mapping desired keystream bytes to IV nonces. It then repeatedly triggers a splice-then-ULP sequence so that file-backed pages already queued in a TCP socket are later interpreted as ESP ciphertext when TCP_ULP is switched to espintcp. This causes a controlled XOR of one byte into the kernel page cache for a read-only file. The exploit iterates byte-by-byte over a 192-byte embedded ELF payload, targeting the first bytes of /usr/bin/su in page cache. After verification, it execves /usr/bin/su, which now executes the injected stub from cache and spawns /bin/sh as root. Main capabilities: arbitrary byte writes into cached pages of read-only files; namespace-based setup to reach the vulnerable kernel path without host root; automated payload generation/use via an embedded ELF shell stub; final root shell acquisition. The exploit is operational rather than just conceptual because it contains the full trigger logic and a working privilege-escalation payload, though the payload is hardcoded to /usr/bin/su and /bin/sh. Notable targeting details: the README states all kernels affected by Dirty Frag are affected, specifically kernels lacking the referenced May 13 2026 patch, with confirmed success on Ubuntu kernel 6.8.0-111-generic. Successful exploitation depends on unprivileged user namespaces being allowed and relevant XFRM/ESP functionality being available. The README warns that the poisoned /usr/bin/su remains dangerous until page cache eviction or reboot.
This repository is a minimal local Linux namespace exploitation/abuse proof-of-concept consisting of one Python script and a README disclaimer. The main file, CVE-2026-46300.py, uses ctypes to call libc.unshare() directly, first creating a new user namespace and then, after the parent writes UID/GID mappings via /proc/<pid>/uid_map, /proc/<pid>/setgroups, and /proc/<pid>/gid_map, creating a new network namespace. Inside the child namespace it attempts to initialize loopback using the external 'ip' command, then drops into an interactive REPL that executes arbitrary shell commands through /bin/sh. The demonstrated outcome in the README is 'whoami' returning 'root', which is consistent with namespace-root privileges rather than confirmed host privilege escalation. There are no remote network targets, callbacks, hardcoded C2 endpoints, or exploit framework artifacts. Structurally, the code is straightforward: helper wrappers for unshare and proc-file writes, a parent/child synchronization mechanism using pipes, namespace ID mapping logic, and an interactive command runner. Overall, this is an operational local privilege/context-manipulation PoC for Linux namespace root within isolated namespaces, not a remote exploit or detection script.
Recent activity
185 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A follow-up Linux kernel patch/CVE in the DirtyFrag vulnerability family, referenced as necessary to fully prevent bypasses alongside CVE-2026-43503.
A Linux kernel vulnerability in the DirtyFrag family that bypasses an earlier DirtyFrag patch due to a flag-dropping bug in skb_try_coalesce(), enabling the same shared page-cache memory corruption technique.
A sibling Linux kernel vulnerability in the DirtyFrag family affecting XFRM ESP-in-TCP and enabling arbitrary byte writes.
A Linux kernel privilege escalation vulnerability in the DirtyFrag family that bypasses the DirtyFrag patch through a flag-dropping bug in skb_try_coalesce().