https://github.com/r1b/cve-2017-13089
PoC for wget v1.19.1
- Host: GitHub
- URL: https://github.com/r1b/cve-2017-13089
- Owner: r1b
- Created: 2017-10-27T20:06:11.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2018-02-02T11:30:04.000Z (over 7 years ago)
- Last Synced: 2024-11-21T17:42:41.946Z (11 months ago)
- Topics: cve-2017-13089, docker, security, wget
- Language: Shell
- Homepage: https://hub.docker.com/r/robertcolejensen/cve201713089/
- Size: 7.81 KB
- Stars: 52
- Watchers: 4
- Forks: 15
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2017-13089
wget v1.19.1 for exploit dev.
## NOTE
This is not a working exploit - under development.
## Usage
```bash
# Build the container
docker build -t cve201713089 .
# OR ...
docker pull robertcolejensen/cve201713089

# Play around in the container, `src` will be mounted at `/opt/CVE-2017-13089/src`
./run.sh

# Develop an exploit, runs `gdb` with external debugging symbols loaded
./run.sh dev

# Run the included DoS PoC
./run.sh dos

# Run the included exploit PoC (wip)
./run.sh exploit
```

## Notes
For maximum **FUN** I have done the following:
* Enabled executable stack flag in wget: `execstack -s /usr/local/bin/wget`
* Disabled stack canaries in wget: `CFLAGS="-fno-stack-protector $CFLAGS"`
* Disabled ASLR on the docker host: `docker-machine ssh security-vm 'sudo sysctl -w kernel.randomize_va_space=0'`
* Generated external debug symbols for exploit dev

You should duplicate the ASLR change on your own Docker host; the other changes are in the Dockerfile.