Skip to content

0day VirtualBox 6.1.2 Escape for RealWorld CTF 2020/2021 CVE-2021-2119

License

Notifications You must be signed in to change notification settings

Sauercloud/RWCTF21-VirtualBox-61-escape

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

RWCTF21-VirtualBox-61-escape

0day VirtualBox 6.1 Escape for RealWorld CTF 2020/2021

Demo

Exploit Demo

What?

This is our solution for RealWorld CTF's "Box Escape" challenge from the 2020/2021 quals. Currently a 0day but we'll add the CVE number once there is one. CVE-2021-2119

How does it work?

We wrote a blogpost describing the vulnerabilities and our exploit techniques. You can find it here.

How to protect yourself?

Until the release build of VirtualBox is patched disable SCSI.

Credits

Writing this exploit was a joint effort of a bunch of people.

  • ESPR's spq, tsuro and malle who don't need an introduction :D

  • My ALLES! teammates and windows experts Alain Rödel aka 0x4d5a and Felipe Custodio Romero aka localo

  • niklasb for his prior work and for some helpful pointers!

"A ROP chain a day keeps the doctor away. Immer dran denken, hat mein Opa immer gesagt."

~ Niklas Baumstark (2021)

  • myself, Ilias Morad aka A2nkF :)

I had the pleasure of working with this group of talented people over the course of multiple sleepless nights and days during and even after the CTF was already over just to get the exploit working properly on a release build of VirtualBox and to improve stability. This truly shows what a small group of dedicated people is able to achieve in an incredibly short period of time if they put their minds to it! I'd like to thank every single one of you :D

About

0day VirtualBox 6.1.2 Escape for RealWorld CTF 2020/2021 CVE-2021-2119

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published