leviathan/SKELETONKEY
1
0
Fork 0
Code Issues Pull Requests Actions 21 Packages Projects Releases Wiki Activity

scaffold: 4 new module dirs (sudo_samedit, sequoia, sudoedit_editor, vmwgfx)

Browse Source 
Stubs returning PRECOND_FAIL. Parallel agents fill in real detect/exploit.
This commit is contained in:
KaraZajac
2026-05-17 01:47:28 -04:00
parent 324b539d65
commit 5a73565e0e
11 changed files with 125 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Makefile
+17 -1
View File
@@ -126,10 +126,26 @@ NPL_DIR := modules/nft_payload_cve_2023_0179
NPL_SRCS := $(NPL_DIR)/skeletonkey_modules.c NPL_SRCS := $(NPL_DIR)/skeletonkey_modules.c
NPL_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(NPL_SRCS)) NPL_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(NPL_SRCS))
SAM_DIR := modules/sudo_samedit_cve_2021_3156
SAM_SRCS := $(SAM_DIR)/skeletonkey_modules.c
SAM_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(SAM_SRCS))
SEQ_DIR := modules/sequoia_cve_2021_33909
SEQ_SRCS := $(SEQ_DIR)/skeletonkey_modules.c
SEQ_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(SEQ_SRCS))
SUE_DIR := modules/sudoedit_editor_cve_2023_22809
SUE_SRCS := $(SUE_DIR)/skeletonkey_modules.c
SUE_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(SUE_SRCS))
VMW_DIR := modules/vmwgfx_cve_2023_2008
VMW_SRCS := $(VMW_DIR)/skeletonkey_modules.c
VMW_OBJS := $(patsubst %.c,$(BUILD)/%.o,$(VMW_SRCS))
# Top-level dispatcher # Top-level dispatcher
TOP_OBJ := $(BUILD)/skeletonkey.o TOP_OBJ := $(BUILD)/skeletonkey.o
ALL_OBJS := $(TOP_OBJ) $(CORE_OBJS) $(CFF_OBJS) $(DP_OBJS) $(EB_OBJS) $(PK_OBJS) $(NFT_OBJS) $(OVL_OBJS) $(CR4_OBJS) $(DCOW_OBJS) $(PTM_OBJS) $(NXC_OBJS) $(AFP_OBJS) $(FUL_OBJS) $(STR_OBJS) $(AFP2_OBJS) $(CRA_OBJS) $(OSU_OBJS) $(NSU_OBJS) $(AUG_OBJS) $(NFD_OBJS) $(NPL_OBJS) ALL_OBJS := $(TOP_OBJ) $(CORE_OBJS) $(CFF_OBJS) $(DP_OBJS) $(EB_OBJS) $(PK_OBJS) $(NFT_OBJS) $(OVL_OBJS) $(CR4_OBJS) $(DCOW_OBJS) $(PTM_OBJS) $(NXC_OBJS) $(AFP_OBJS) $(FUL_OBJS) $(STR_OBJS) $(AFP2_OBJS) $(CRA_OBJS) $(OSU_OBJS) $(NSU_OBJS) $(AUG_OBJS) $(NFD_OBJS) $(NPL_OBJS) $(SAM_OBJS) $(SEQ_OBJS) $(SUE_OBJS) $(VMW_OBJS)
.PHONY: all clean debug static help .PHONY: all clean debug static help
core/registry.h
+4
View File
@@ -40,5 +40,9 @@ void skeletonkey_register_nft_set_uaf(void);
void skeletonkey_register_af_unix_gc(void); void skeletonkey_register_af_unix_gc(void);
void skeletonkey_register_nft_fwd_dup(void); void skeletonkey_register_nft_fwd_dup(void);
void skeletonkey_register_nft_payload(void); void skeletonkey_register_nft_payload(void);
void skeletonkey_register_sudo_samedit(void);
void skeletonkey_register_sequoia(void);
void skeletonkey_register_sudoedit_editor(void);
void skeletonkey_register_vmwgfx(void);
#endif /* SKELETONKEY_REGISTRY_H */ #endif /* SKELETONKEY_REGISTRY_H */
modules/sequoia_cve_2021_33909/skeletonkey_modules.c
+20
View File
@@ -0,0 +1,20 @@
/* sequoia_cve_2021_33909 — STUB pending agent implementation. */
#include "skeletonkey_modules.h"
#include "../../core/registry.h"
static skeletonkey_result_t sequoia_detect(const struct skeletonkey_ctx *ctx)
{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
const struct skeletonkey_module sequoia_module = {
.name = "sequoia",
.cve = "CVE-2021-33909",
.summary = "seq_file size_t overflow → kernel stack write (Qualys Sequoia) — stub pending implementation",
.family = "filesystem",
.kernel_range = "K < 5.13.4 / 5.10.52 / 5.4.134",
.detect = sequoia_detect,
.exploit = NULL, .mitigate = NULL, .cleanup = NULL,
.detect_auditd = NULL, .detect_sigma = NULL,
.detect_yara = NULL, .detect_falco = NULL,
};
void skeletonkey_register_sequoia(void) { skeletonkey_register(&sequoia_module); }
modules/sequoia_cve_2021_33909/skeletonkey_modules.h
+5
View File
@@ -0,0 +1,5 @@
#ifndef SEQUOIA_SKELETONKEY_MODULES_H
#define SEQUOIA_SKELETONKEY_MODULES_H
#include "../../core/module.h"
extern const struct skeletonkey_module sequoia_module;
#endif
modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.c
+20
View File
@@ -0,0 +1,20 @@
/* sudo_samedit_cve_2021_3156 — STUB pending agent implementation. */
#include "skeletonkey_modules.h"
#include "../../core/registry.h"
static skeletonkey_result_t sudo_samedit_detect(const struct skeletonkey_ctx *ctx)
{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
const struct skeletonkey_module sudo_samedit_module = {
.name = "sudo_samedit",
.cve = "CVE-2021-3156",
.summary = "sudo Baron Samedit heap overflow (Qualys) — stub pending implementation",
.family = "sudo",
.kernel_range = "sudo 1.8.2 ≤ V ≤ 1.9.5p1 (userspace)",
.detect = sudo_samedit_detect,
.exploit = NULL, .mitigate = NULL, .cleanup = NULL,
.detect_auditd = NULL, .detect_sigma = NULL,
.detect_yara = NULL, .detect_falco = NULL,
};
void skeletonkey_register_sudo_samedit(void) { skeletonkey_register(&sudo_samedit_module); }
modules/sudo_samedit_cve_2021_3156/skeletonkey_modules.h
+5
View File
@@ -0,0 +1,5 @@
#ifndef SUDO_SAMEDIT_SKELETONKEY_MODULES_H
#define SUDO_SAMEDIT_SKELETONKEY_MODULES_H
#include "../../core/module.h"
extern const struct skeletonkey_module sudo_samedit_module;
#endif
modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.c
+20
View File
@@ -0,0 +1,20 @@
/* sudoedit_editor_cve_2023_22809 — STUB pending agent implementation. */
#include "skeletonkey_modules.h"
#include "../../core/registry.h"
static skeletonkey_result_t sudoedit_editor_detect(const struct skeletonkey_ctx *ctx)
{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
const struct skeletonkey_module sudoedit_editor_module = {
.name = "sudoedit_editor",
.cve = "CVE-2023-22809",
.summary = "sudoedit EDITOR/VISUAL `--` argv escape → arbitrary file write as root — stub pending implementation",
.family = "sudo",
.kernel_range = "sudo 1.8.0 ≤ V < 1.9.12p2 (userspace)",
.detect = sudoedit_editor_detect,
.exploit = NULL, .mitigate = NULL, .cleanup = NULL,
.detect_auditd = NULL, .detect_sigma = NULL,
.detect_yara = NULL, .detect_falco = NULL,
};
void skeletonkey_register_sudoedit_editor(void) { skeletonkey_register(&sudoedit_editor_module); }
modules/sudoedit_editor_cve_2023_22809/skeletonkey_modules.h
+5
View File
@@ -0,0 +1,5 @@
#ifndef SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
#define SUDOEDIT_EDITOR_SKELETONKEY_MODULES_H
#include "../../core/module.h"
extern const struct skeletonkey_module sudoedit_editor_module;
#endif
modules/vmwgfx_cve_2023_2008/skeletonkey_modules.c
+20
View File
@@ -0,0 +1,20 @@
/* vmwgfx_cve_2023_2008 — STUB pending agent implementation. */
#include "skeletonkey_modules.h"
#include "../../core/registry.h"
static skeletonkey_result_t vmwgfx_detect(const struct skeletonkey_ctx *ctx)
{ (void)ctx; return SKELETONKEY_PRECOND_FAIL; }
const struct skeletonkey_module vmwgfx_module = {
.name = "vmwgfx",
.cve = "CVE-2023-2008",
.summary = "vmwgfx DRM driver buffer-object OOB write — stub pending implementation",
.family = "drm",
.kernel_range = "K < 6.3-rc6 (vmware-svga / vmwgfx driver)",
.detect = vmwgfx_detect,
.exploit = NULL, .mitigate = NULL, .cleanup = NULL,
.detect_auditd = NULL, .detect_sigma = NULL,
.detect_yara = NULL, .detect_falco = NULL,
};
void skeletonkey_register_vmwgfx(void) { skeletonkey_register(&vmwgfx_module); }
modules/vmwgfx_cve_2023_2008/skeletonkey_modules.h
+5
View File
@@ -0,0 +1,5 @@
#ifndef VMWGFX_SKELETONKEY_MODULES_H
#define VMWGFX_SKELETONKEY_MODULES_H
#include "../../core/module.h"
extern const struct skeletonkey_module vmwgfx_module;
#endif
skeletonkey.c
+4
View File
@@ -695,6 +695,10 @@ int main(int argc, char **argv)
skeletonkey_register_af_unix_gc(); skeletonkey_register_af_unix_gc();
skeletonkey_register_nft_fwd_dup(); skeletonkey_register_nft_fwd_dup();
skeletonkey_register_nft_payload(); skeletonkey_register_nft_payload();
skeletonkey_register_sudo_samedit();
skeletonkey_register_sequoia();
skeletonkey_register_sudoedit_editor();
skeletonkey_register_vmwgfx();
enum mode mode = MODE_SCAN; enum mode mode = MODE_SCAN;
struct skeletonkey_ctx ctx = {0}; struct skeletonkey_ctx ctx = {0};