Cross Distribution Exploit Testing: 2 Part


Last month we published a post about a tool we were using:
http://github.com/infobyte/distro_checker

One of the things that limited us a bit the first time around was that we were working with Docker. Not all the vulnerabilities can be tested using the first version of the tool, because kernel's related problems can't be exploited inside Docker.

To improve upon this, we made some changes and we incorporated Vagrant, which lets us try basically any vulnerability as we already have a complete virtual environment.

Example:
In the following example, we would execute the "id" command within the different VMs, specifying the variable "distros".

./vagrant_build.py -c id

We have to run this command in the following distros:

distros = [
           {'name' :'centos/7',
            'url':'https://atlas.hashicorp.com/centos/7',
            'provider':'virtualbox'},

           {'name' :'ubuntu/vivid64',
            'url':'https://atlas.hashicorp.com/ubuntu/vivid64',
            'provider':'virtualbox'},

           {'name' :'ubuntu/trusty64',
            'url':'https://atlas.hashicorp.com/ubuntu/trusty64',
            'provider':'virtualbox'},
                                    
           {'name' :'debian/jessie64',
            'url':'https://atlas.hashicorp.com/debian/jessie64',
            'provider':'virtualbox'},
           {'name' :'debian/wheezy64',
            'url':'https://atlas.hashicorp.com/debian/wheezy64',
            'provider':'virtualbox'},
          ]

Demo:
In the following demo we will use the exploit ofs.c for the vulnerability CVE-2015-1328 in different distributions of Ubuntu:

https://atlas.hashicorp.com/sincerely/trusty64
https://atlas.hashicorp.com/puphpet/ubuntu1204-x64
https://atlas.hashicorp.com/ubuntu/trusty64

We are going to use other repositories except for the last one as Ubuntu already has the last parches in its VM.
This new version we can find in
http://github.com/infobyte/distro_checker

Clean:
After a few tests, it's important not forget the following commands so you can do cleanings:

$ vagrant box list  #list of vms in our local repository
$ vagrant box remove "vmname" #eliminates the specific vm
$ vagrant destroy #eliminates vm for the local directory, if por some reason we were to cancel the executtion of vagrant_build.py, we recommend running this command as it possible that there still is a VM in the repository.


This tool can also be used (like we did in our case) for doing cross distribution testing for functionalities, installation and for setting up Faraday in different environments

Hopefully you found this useful.
Best,
Post a Comment
Thanks for your comment