This repository attempts to implement the following exploits for Govware 2019:
- Oracle WebLogic Server CVE-2019-2725
- Docker Runc CVE-2019-5736
with
docker
containers.
Prequisites for all exploits:
- Install
docker
anddocker-compose
Instructions for Running demos:
- Change directory to exploit (see Project Structure)
cd <exploit dir>
- Download docker images
docker-compose pull
- Bring up the stack
docker-compose up
- On another terminal, access the attacker machine using:
docker-compose exec attacker
- Exploit
The project is structured as follows:
weblogic/
- A Oracle WebLogic Server CVE-2019-2725containers/
- containers used in the exploitattacker/
- attacker containervictim/
- victim container
docker/
- Docker Runc CVE-2019-5736containers/
- containers used in the exploitattacker/
- attacker containervictim/
- victim container