Exploitchain of my livedemo from my Security Expedition in b0rkenland talk
Add example Exploit Files
This Exploit Chain consists of the Following Exploits:
- Ghostcript RCE CVE-2018-16802
- Virtualbox Escape - CVE CVE-2018-2844
- Dirty Cow - CVE-2016-5195
Host System: Ubuntu 16.04.4 – unpatched
VirtualBox 5.2.6.r120293
Guest System: Debian 9 with GUI – somehow patched
Selfwritten Exploitchain
- Python
- Bash
- (modified) available PoCs
Check out the following Seclist Mailthread: https://seclists.org/oss-sec/2018/q3/158
Mitre Link: https://www.cvedetails.com/cve/CVE-2018-2844/
Blogpost: https://www.voidsecurity.in/2018/08/from-compiler-optimization-to-code.html
Used PoC Code: https://github.com/renorobert/virtualbox-cve-2018-2844
Used PoC Code: https://github.com/gbonacini/CVE-2016-5195