linux/aarch64/shell_reverse_tcp: segment fault when run as normal user #16562
It seems because of the elf template. The elf template file is https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/util/exe.rb#L1183
This template file has the same issue. Executed by a root user, it seems OK.
Executed by a normal user: segmentation fault.
This template file is located here:
Changing the org to 0x400000 may fix this issue.
Quick fix: replace the org 0 with org 0x400000, rebuild as template_aarch64_linux.bin, and then replace the msf file.
Trying to fix it in #16569.
Resubmitted in #16570.
Amazing. Does https://github.com/rapid7/metasploit-framework/pull/16570/files fix the issue for you?
Yes, please merge it. @timwr
It appears to be a kernel policy. https://stackoverflow.com/questions/63790813/allocating-address-zero-on-linux-with-mmap-fails
Thanks for this. The NULL page has not been mappable in Linux for about a decade. I'm not sure why zero was used. timwr will probably (?) be able to test and review this before I can. On the other hand, because the PR contains a compiled executable template, it may need to be merged by Rapid7 staff (not timwr or I).
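The kernel policy mentioned above, as an added example that is not part of this thread or of Metasploit's own code: a small Python check that parses the program headers of an ELF64 file and flags any PT_LOAD segment whose start address lies below vm.mmap_min_addr, the sysctl that prevents unprivileged processes (those without CAP_SYS_RAWIO) from mapping the low pages. A template assembled with org 0 produces exactly such a segment, so the loader fails for a normal user and succeeds for root. The minimal ELF builder and the aarch64 exit-stub bytes are constructed here to mirror an org 0 versus org 0x400000 template; the 65536 fallback is an assumption about the default sysctl value on the running kernel.

```python
import struct
import sys

ELF_MAGIC = b"\x7fELF"
EM_AARCH64 = 183
PT_LOAD = 1
# Typical distro default for vm.mmap_min_addr (assumption; read from /proc when available).
DEFAULT_MMAP_MIN_ADDR = 65536

# Constructed aarch64 exit(0) stub: mov x0,#0 ; mov x8,#93 ; svc #0. Never executed here,
# it only gives the sample image a non-empty code segment.
SAMPLE_CODE = bytes.fromhex("000080d2a80b80d2010000d4")


def read_mmap_min_addr(path="/proc/sys/vm/mmap_min_addr"):
    """Return the kernel's vm.mmap_min_addr, or the assumed default if it cannot be read."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return DEFAULT_MMAP_MIN_ADDR


def parse_elf64_load_segments(data):
    """Return (p_vaddr, p_memsz, p_flags) for every PT_LOAD program header in an ELF64 image."""
    if data[:4] != ELF_MAGIC or data[4] != 2:  # EI_CLASS == ELFCLASS64
        raise ValueError("not an ELF64 image")
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum
    fields = struct.unpack_from(end + "HHIQQQIHHH", data, 16)
    e_phoff, e_phentsize, e_phnum = fields[4], fields[8], fields[9]
    segments = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags, _, p_vaddr, _, _, p_memsz, _ = struct.unpack_from(end + "IIQQQQQQ", data, off)
        if p_type == PT_LOAD:
            segments.append((p_vaddr, p_memsz, p_flags))
    return segments


def unmappable_segments(data, mmap_min_addr=DEFAULT_MMAP_MIN_ADDR):
    """PT_LOAD segments starting below mmap_min_addr: execve() rejects these for unprivileged users."""
    return [(va, sz) for va, sz, _ in parse_elf64_load_segments(data) if va < mmap_min_addr]


def build_static_elf64(org, code, machine=EM_AARCH64):
    """Construct a minimal static ELF64 with one RWX PT_LOAD segment based at `org`.

    This mirrors the single-segment layout of an `org N` template (constructed sample,
    not the real msf template file).
    """
    ehsize, phsize = 64, 56
    total = ehsize + phsize + len(code)
    entry = org + ehsize + phsize  # code follows the headers
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS64, little-endian, EV_CURRENT
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH", 2, machine, 1, entry, ehsize, 0, 0,
                                 ehsize, phsize, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 7, 0, org, org, total, total, 0x1000)
    return ehdr + phdr + code


def report(data, mmap_min_addr=None):
    """Human-readable verdict for one image; returns True when the image is loadable unprivileged."""
    limit = read_mmap_min_addr() if mmap_min_addr is None else mmap_min_addr
    bad = unmappable_segments(data, limit)
    for va, sz in bad:
        print(f"PT_LOAD at 0x{va:x} (size 0x{sz:x}) is below vm.mmap_min_addr=0x{limit:x}: "
              f"unprivileged execve() will fail")
    return not bad


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            sys.exit(0 if report(f.read()) else 1)
    # Self-demonstration on the two constructed templates.
    print("org 0:       ", "ok" if report(build_static_elf64(0, SAMPLE_CODE)) else "rejected")
    print("org 0x400000:", "ok" if report(build_static_elf64(0x400000, SAMPLE_CODE)) else "rejected")
```

Run it against an msfvenom output file (the reserver.aarch64 from the steps below) to see which segment the kernel will refuse; the check only reads headers, so it works on any host regardless of architecture. Rebasing the template to 0x400000 moves the single segment well above the sysctl limit, which is why the PR fixes the normal-user case without changing the payload itself.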
Steps to reproduce:
1. Generate a reverse shell payload with msfvenom:
msfvenom -a aarch64 --platform linux -p linux/aarch64/shell_reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f elf > reserver.aarch64
2. Run it as a normal user, and you will see:
What's stranger is that it works well when run as the root user.
It works well when executed by the root user:
But it segfaults when executed by a normal user: