Page 56 - index
P. 56
Also, for a more automated implementation, with the exception that we use the option -i in order
to go to a list of images to execute.
$ ./docker_build.py -c "curl https://shellshocker.net/shellshock_test.sh | bash" -i images.txt
In case you want to try testing again something specific for a container all you need to do is run:
$ docker ps -a # verify which is the image generated and use this id with docker_launcher in the option -t
$ ./docker_launcher.py -c "whoami" -t c92d6bf7-d559_debian:7.3
Case 2: Redhat Local Privilege Escalation CVE-2015-(3245,3246):
Last week two vulnerabilities were released that can be used to do a local privilege escalation
on redhat 6 and 7:
CVE-2015-3245 userhelper chfn() newline filtering
CVE-2015-3246 libuser passwd file handling
Let's try again the tool against this vulnerability in the following distribution rhel6.5', 'rhel7.0',
'rhel7.1', 'fedora:20 :
$ ./docker_build.py -i redhat_images.txt -d extras/docker/Dockerfile.redhat -c id # In this scenario I directly use a
specific dockerfile that runs the exploit (roothelper.c)
Distros: ['rhel6.5', 'rhel7.0', 'rhel7.1', 'fedora:20']
Start build docker: rhel6.5
...
Red Hat Enterprise Linux Server release 6.5 (Santiago)
CVE-2015-(3245,3246): VULNERABLE
...
Start build docker: rhel7.0
Red Hat Enterprise Linux Server release 7.0 (Maipo)
CVE-2015-(3245,3246): VULNERABLE
56 Cyber Warnings E-Magazine – August 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
