Nytro Posted November 20, 2013 Report Posted November 20, 2013 CSAW CTF 2013 Kernel Exploitation ChallengeTable of ContentsIntroduction Understanding the Code Tracing the Vulnerable Code Path Leveraging the Vulnerability Circumventing Additional Obstacles Achieving Local Privilege Escalation Exploit Proof of Concept Bonus Points Introduction CSAW CTF 2013 was last weekend, and this year I was lucky enough to be named a judge for the competition. I decided to bring back the Linux kernel exploitation tradition of previous years and submitted the challenge “Brad Oberberg.” Four of the 15 teams successfully solved the challenge. Each team was presented with unprivileged access to a live VM running 32-bit Ubuntu 12.04.3 LTS. The vulnerable kernel module csaw.ko was loaded on each system, and successful exploitation would allow for local privilege escalation and subsequent reading of the flag. Source code to the kernel module was provided to each team, and may be viewed below (or downloaded here).Sursa: CSAW CTF 2013 Kernel Exploitation Challenge | Michael Coppola's BlogE cu rezolvari. Quote
Nytro Posted November 24, 2013 Author Report Posted November 24, 2013 l-a incercat cineva?Da, merge pe toate versiunile de kernel. Am incercat pe CentOS, RedHat si Arch si pe 32 si pe 64 de biti. Adica merge pe toate, de aia ii zice "CTF". Iei root pe orice. Quote
l3tmeb3 Posted November 25, 2013 Report Posted November 25, 2013 Il incerc pe masina virtual insa cand ii dau "gcc -o solution.c solution", imi apar urmatoarele :z3d@ubuntu:~$ g++ -o solution.c solutiong++: error: solution: No such file or directoryg++: fatal error: no input filescompilation terminated.z3d@ubuntu:~$ Any ideea ? Quote
Nytro Posted November 25, 2013 Author Report Posted November 25, 2013 Asta e gen:http://google.ro wgetDai comanda:g++ --helpSi vezi ce inseamna "-o" ala.PS: L-am pus din greseala in aceasta categorie, dar acum vedem si noi cine reuseste sa "rooteze" ceva Quote
l3tmeb3 Posted November 25, 2013 Report Posted November 25, 2013 (edited) ok, 10x ps : multi "nepriceputi" ca sa nu zic pr... , care fac pe desteptii . Edited December 2, 2013 by l3tmeb3 Quote
zin0 Posted November 28, 2013 Report Posted November 28, 2013 care are bunavointa sa il posteze gata facut pt 32 si 64, Quote
aelius Posted November 28, 2013 Report Posted November 28, 2013 (edited) Cred ca nu toti au inteles cum functioneaza. Csaw este un modul kernel care odata incarcat permite escaladarea privilegiilor. csaw.ko (the fucking kernel module) nu exista default pe linux, el este un "sukit" si face exact ce am spus: permite escaladarea privilegiilor cu ajutorul acelui exploit (adica poti oricand sa obtii drepturi de super user, atata timp cat modulul este incarcat in kernel)// sidenote:- modul kernel = LKM (loadable kernel module)- incarcare / inserare (modprobe/insmod)- vizualizare module kernel incarcate (lsmod)Hai ca nu e greu, pe cuvant. NU ne mai invadati cu cerinte, chestia este un proof of concept, nu este destinata celor care dau cu scanul si fac psybnc-uri pe servere sparte.// offtopic:@l3tmeb3: cc brain.c -o brain ; de aici:-o <file> Place the output into <file> Edited November 28, 2013 by aelius Quote
