{"id":27138212,"url":"https://github.com/r1b/cve-2017-13089","last_synced_at":"2025-04-08T04:45:57.214Z","repository":{"id":76002881,"uuid":"108590896","full_name":"r1b/CVE-2017-13089","owner":"r1b","description":"PoC for wget v1.19.1","archived":false,"fork":false,"pushed_at":"2018-02-02T11:30:04.000Z","size":8,"stargazers_count":52,"open_issues_count":0,"forks_count":15,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-11-21T17:42:41.946Z","etag":null,"topics":["cve-2017-13089","docker","security","wget"],"latest_commit_sha":null,"homepage":"https://hub.docker.com/r/robertcolejensen/cve201713089/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/r1b.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-10-27T20:06:11.000Z","updated_at":"2024-09-21T14:08:17.000Z","dependencies_parsed_at":"2023-07-03T21:26:21.153Z","dependency_job_id":null,"html_url":"https://github.com/r1b/CVE-2017-13089","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r1b%2FCVE-2017-13089","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r1b%2FCVE-2017-13089/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r1b%2FCVE-2017-13089/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r1b%2FCVE-2017-13089/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/r1b","download_url":"https://codeload.github.com/r1b/CVE-2017-13089/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247779780,"owners_count":20994572,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2017-13089","docker","security","wget"],"created_at":"2025-04-08T04:45:56.697Z","updated_at":"2025-04-08T04:45:57.207Z","avatar_url":"https://github.com/r1b.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CVE-2017-13089\n\nwget v1.19.1 for exploit dev.\n\n## NOTE\n\nThis is not a working exploit - under development.\n\n## Usage\n\n```bash\n# Build the container\ndocker build -t cve201713089 .\n# OR ...\ndocker pull robertcolejensen/cve201713089\n\n# Play around in the container, `src` will be mounted at `/opt/CVE-2017-13089/src`\n./run.sh\n\n# Develop an exploit, runs `gdb` with external debugging symbols loaded\n./run.sh dev\n\n# Run the included DoS PoC\n./run.sh dos\n\n# Run the included exploit PoC (wip)\n./run.sh exploit\n```\n\n## Notes\n\nFor maximum **FUN** I have done the following:\n\n* Enabled executable stack flag in wget: `execstack -s /usr/local/bin/wget`\n* Disabled stack canaries in wget: `CFLAGS=\"-fno-stack-protector $CFLAGS\"`\n* Disabled ASLR on the docker host: `docker-machine ssh security-vm 'sudo sysctl -w kernel.randomize_va_space=0'`\n* Generated external debug symbols for exploit dev\n\nYou should duplicate the ASLR change on your own Docker host - the other changes\nare in the Dockerfile.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr1b%2Fcve-2017-13089","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr1b%2Fcve-2017-13089","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr1b%2Fcve-2017-13089/lists"}