docs: fixed uppercase
Your Name committed Mar 23, 2024
1 parent 54b5d49 commit 37b341e
Showing 1 changed file with 9 additions and 9 deletions.
18 changes: 9 additions & 9 deletions README.md
@@ -6,24 +6,24 @@ Fileless proof-of-concept exploit for CVE-2024-1086, working on most Linux kerne

The only requirements are that user namespaces are enabled (kconfig `CONFIG_USER_NS=y`), those user namespaces are unprivileged (sh command `sysctl kernel.unprivileged_userns_clone` = 1), and nf_tables is enabled (kconfig `CONFIG_NF_TABLES=y`). By default, these are all enabled on Debian, Ubuntu, and KernelCTF. Other distro's have not been tested, but may work as well.

**Note (details in blogpost):**
**Note:**
- the affected versions lower limit (v5.14) is caused by the exploit. The underlying vulnerability has been in the kernel since v3.15, so if you're below v5.14 make sure you update your kernel in case someone makes an N-day for your specific version.
- the exploit may be unstable on systems with a WiFi adapter, surrounded by high-usage WiFi networks. When testing, please turn off WiFi adapters through BIOS.
- the exploit does not work v6.4> kernels with kconfig `CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y` (including Ubuntu v6.5)

## usage
## Usage

### configuration
### Configuration

The default values should work out of the box on Debian, Ubuntu, and KernelCTF with a local shell.

On non-tested setups/distros, please make sure the kconfig values match with the target kernel. These can be specified in [`src/config.h`](/src/config.h).

If you are running the exploit over SSH (into the test machine) or a reverse shell, you may want to toggle `CONFIG_REDIRECT_LOG` to `1` to avoid unnecessary network activity.

### building
### Building

outfile: `CVE-2024-1086/exploit`
Binary: `CVE-2024-1086/exploit`

```bash
git clone https://github.com/Notselwyn/CVE-2024-1086
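Review bot: Replacing "**Note (details in blogpost):**" with the bare "**Note:**" drops the only pointer telling the reader where the caveats in the three bullets are explained; since this commit already touches the casing, keep a cross-reference, e.g. "**Note (details in the write-up below):**", so the link to the Blogpost section is not lost. While the bullets are being edited, two wording defects in the unchanged context could be fixed in the same docs pass: "Other distro's have not been tested" should read "Other distros have not been tested", and "the exploit does not work v6.4> kernels" is ambiguous about direction and should say "on kernels v6.4 and newer".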
@@ -33,7 +33,7 @@ make

If this is impractical for you, there is an [compiled x64 binary](https://github.com/Notselwyn/CVE-2024-1086/releases/download/v1.0.0/exploit) with the default config.

### running
### Running

Running the exploit is just as trivial:

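Review bot: The context line "there is an [compiled x64 binary]" has an article error that a docs commit should fix at the same time as the heading casing: "there is a [compiled x64 binary](...)". The sentence also says the release binary was built "with the default config", so it would help readers of the Configuration section above to state that this prebuilt binary does not pick up changes to `src/config.h` and must be rebuilt on non-default setups.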
@@ -55,14 +55,14 @@ perl -e '
'
```

## blogpost / write-up
## Blogpost / Write-up

A full write-up of the exploit can be found in the blogpost: ["Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques"](https://pwning.tech/nftables/) @ pwning.tech

## patch
## Patch

For the fix/mitigation, check the [CVE-2024-1086 description](https://nvd.nist.gov/vuln/detail/CVE-2024-1086).

## disclaimer
## Disclaimer

The programs and scripts ("programs") in this software directory/folder/repository ("repository") are published, developed and distributed for educational/research purposes only. I ("the creator") do not condone any malicious or illegal usage of the programs in this repository, as the intend is sharing research and not doing illegal activities with it. I am not legally responsible for anything you do with the programs in this repository.

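Review bot: The Disclaimer paragraph in the trailing context has a typo, "as the intend is sharing research", which should read "as the intent is sharing research"; since this commit is a pure docs fix, it is the natural place to correct it. In the Patch section, "check the [CVE-2024-1086 description]" points only at the NVD entry; if the author has a link to the upstream kernel fix commit, naming it here would tell readers concretely which change closes the bug rather than sending them to a third-party summary.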