asses_CVE-2021-4034.yml
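---
# Assessment play for CVE-2021-4034 (the identifier used by the bundled test
# binary's file name). As an unprivileged user it copies a pre-built test
# binary to each target, runs it, removes what was left behind, and fails the
# host when the captured output contains a line equal to "root".
#
# Operational notes for whoever runs this:
#   * Run it only against hosts you are authorised to assess; the binary is
#     executed on every host in the `operational` group.
#   * Review where the file in `src:` came from and how it was built before
#     distributing it.
#   * Endpoint/audit tooling will likely alert on the run; coordinate with the
#     monitoring team beforehand.
#   * A passing assert only means this one attempt did not print "root". Treat
#     it as a hint and confirm the fix through the package version or the
#     vendor advisory.
- name: Check vulnerability for privilege escalation CVE-2021-4034
  hosts: operational
  gather_facts: true
  # Privilege escalation through Ansible must stay off: the test is only
  # meaningful when the play runs as a non-root user.
  # become: true
  tasks:
    # Kept outside the block below so that a host which is already root is
    # rejected before anything is copied to or deleted from its home directory.
    - name: Check user
      ansible.builtin.command: whoami
      register: executingUser
      failed_when: executingUser.rc > 0 or 'root' in executingUser.stdout
      changed_when: false

    - name: Run the test binary and always clean up afterwards
      block:
        - name: Copy malicious binary
          ansible.builtin.copy:
            src: cve-2021-4034-exploit
            dest: ~/
            # NOTE(review): assumes a group named like the user exists on
            # every target; confirm, or drop owner/group.
            owner: "{{ executingUser.stdout }}"
            group: "{{ executingUser.stdout }}"
            # Executable by the owner only, so other local users cannot run
            # the binary while it is on disk.
            mode: "0700"

        - name: Show user before escalation
          ansible.builtin.debug:
            msg: "User before escalation {{ executingUser.stdout }}"

        # The trailing `whoami` runs in this task's own shell after the
        # binary has returned, so by itself it reports the connecting user.
        # A "root" line can therefore only come from the binary's output.
        # NOTE(review): confirm what the binary prints on success; if it is
        # anything other than a bare "root" line, the assert below passes and
        # a vulnerable host is reported as safe.
        - name: Try privilege escalation
          ansible.builtin.shell: |
            ~/cve-2021-4034-exploit 2>&1
            whoami
          register: whoamiAfter
          # Changes made by the run are removed in `always:` below.
          changed_when: false

        - name: Show output of the escalation attempt
          ansible.builtin.debug:
            msg: "Return of escalation: {{ whoamiAfter.stdout_lines }}"

      always:
        # In `always:` so the binary and its leftovers are removed even when
        # a task above fails; otherwise the exploit would stay on the host.
        # NOTE(review): these are presumably the files the binary creates in
        # the home directory; a pre-existing ~/lol or ~/payload.* owned by
        # the user would be deleted as well.
        - name: Remove malicious binary and temporary files of exploit
          ansible.builtin.file:
            path: "{{ item }}"
            state: absent
          loop:
            - ~/cve-2021-4034-exploit
            - ~/lol/
            - ~/GCONV_PATH=./
            - ~/payload.so
            - ~/payload.c

    - name: Check result of privilege escalation
      ansible.builtin.assert:
        # `that` is already evaluated as a Jinja expression, so the variable
        # is referenced directly. Wrapping it in {{ }} templates the captured
        # output into the expression, which Ansible warns against.
        that:
          - "'root' not in whoamiAfter.stdout_lines"
        fail_msg: "Privilege escalation worked: I'm root."
        success_msg: "System is safe. I'm user {{ executingUser.stdout }}."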