Skip to content
/ PoC-Exploitchain-GS-VBox-DirtyCow- Public

Exploitchain of my livedemo from my Security Expedition in b0rkenland talk

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Hetti/PoC-Exploitchain-GS-VBox-DirtyCow-

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
README.md
README.md
 
 
SecurityExpedition_35c3.pdf
SecurityExpedition_35c3.pdf
 
 
exploit.py
exploit.py
 
 
exploitchain.sh
exploitchain.sh
 
 

Repository files navigation

PoC-Exploitchain-GS-VBox-DirtyCow-

Exploitchain of my livedemo from my Security Expedition in b0rkenland talk

TODO

Add example Exploit Files

This Exploit Chain consists of the Following Exploits:

  1. Ghostcript RCE CVE-2018-16802
  2. Virtualbox Escape - CVE CVE-2018-2844
  3. Dirty Cow - CVE-2016-5195

Machine Setup

Host System: Ubuntu 16.04.4 – unpatched

VirtualBox 5.2.6.r120293

Guest System: Debian 9 with GUI – somehow patched

Selfwritten Exploitchain

  • Python
  • Bash
  • (modified) available PoCs

Used Ressources

Ghostcript RCE CVE-2018-16802

Check out the following Seclist Mailthread: https://seclists.org/oss-sec/2018/q3/158

Virtualbox Escape - CVE CVE-2018-2844

Mitre Link: https://www.cvedetails.com/cve/CVE-2018-2844/

Blogpost: https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html

Used PoC Code: https://github.com/renorobert/virtualbox-cve-2018-2844

Dirty Cow - CVE-2016-5195

Used PoC Code: https://github.com/gbonacini/CVE-2016-5195

About

Exploitchain of my livedemo from my Security Expedition in b0rkenland talk

Resources

Readme
Activity

Stars

2 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages