Cross Distribution Exploit Testing: Part 2

Faraday News (Faraday)
Published Sep 18, 2015. 2 min read

Last month we published a post about a tool we were using:
http://github.com/infobyte/distro_checker

One thing that limited us the first time around was that we were working with Docker. Not every vulnerability can be tested with the first version of the tool: a container shares the host's kernel, so kernel-related bugs cannot be exploited (or reliably tested) inside Docker.

To improve on this, we made some changes and incorporated Vagrant. Each target now runs in its own complete virtual machine with its own kernel, so we can try basically any vulnerability, kernel ones included.

Example:
In the following example we run the “id” command inside each of the VMs listed in the “distros” variable of the script:

./vagrant_build.py -c id

The script runs that command in each of the following distros, which are defined in the distros list:

distros = [
    {'name': 'centos/7',
     'url': 'https://atlas.hashicorp.com/centos/7',
     'provider': 'virtualbox'},

    {'name': 'ubuntu/vivid64',
     'url': 'https://atlas.hashicorp.com/ubuntu/vivid64',
     'provider': 'virtualbox'},

    {'name': 'ubuntu/trusty64',
     'url': 'https://atlas.hashicorp.com/ubuntu/trusty64',
     'provider': 'virtualbox'},

    {'name': 'debian/jessie64',
     'url': 'https://atlas.hashicorp.com/debian/jessie64',
     'provider': 'virtualbox'},

    {'name': 'debian/wheezy64',
     'url': 'https://atlas.hashicorp.com/debian/wheezy64',
     'provider': 'virtualbox'},
]

Demo:
In the following demo we use the ofs.c exploit for CVE-2015-1328 (the Ubuntu overlayfs local privilege escalation) against different Ubuntu boxes:

https://atlas.hashicorp.com/sincerely/trusty64
https://atlas.hashicorp.com/puphpet/ubuntu1204-x64
https://atlas.hashicorp.com/ubuntu/trusty64

For the first two we deliberately use third-party boxes: the official ubuntu/trusty64 box already ships the latest patches, so the exploit does not work there.
The new version of the tool can be found at
http://github.com/infobyte/distro_checker
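The post shows the distros list and the `-c id` invocation but not the script itself, so as an added example (this is not the distro_checker code) here is a small driver in the same spirit: it writes a throwaway Vagrantfile per box, brings the box up, runs one command over `vagrant ssh -c`, classifies the output of `id` (uid 0 means the box was rooted, as in the ofs.c demo above), and always destroys the VM afterwards. The names DISTROS, FakeRunner, run_in_box, run_all and classify are this example's own, and the Vagrantfile layout is an assumption; the directory the script is launched from is shared into the guest as /vagrant so an exploit source such as ofs.c can be reached from there.

```python
#!/usr/bin/env python3
"""Added example, not the distro_checker code: run one command in every
Vagrant box of a list, classify the output of `id`, tear the VM down."""
import argparse
import os
import re
import subprocess
import tempfile

# Box list from the post. Vagrant resolves the box name against Atlas
# (now Vagrant Cloud), so the separate URL entry is not needed here.
DISTROS = [
    {"name": "centos/7", "provider": "virtualbox"},
    {"name": "ubuntu/vivid64", "provider": "virtualbox"},
    {"name": "ubuntu/trusty64", "provider": "virtualbox"},
    {"name": "debian/jessie64", "provider": "virtualbox"},
    {"name": "debian/wheezy64", "provider": "virtualbox"},
]

# Assumed minimal Vagrantfile: one box, one provider, the launch directory
# (where ofs.c or other test files live) shared into the guest as /vagrant.
VAGRANTFILE = '''Vagrant.configure("2") do |config|
  config.vm.box = "{box}"
  config.vm.provider "{provider}"
  config.vm.synced_folder "{share}", "/vagrant"
end
'''


def render_vagrantfile(distro, share=None):
    """Render the per-box Vagrantfile; each box gets its own directory."""
    share = share or os.getcwd()
    return VAGRANTFILE.format(box=distro["name"], provider=distro["provider"],
                              share=share)


def classify(id_output):
    """Interpret the output of `id` run after an exploit attempt:
    uid=0 means the box was rooted, any other uid means it was not."""
    match = re.search(r"uid=(\d+)", id_output)
    if match is None:
        return "no-output"
    return "vulnerable" if match.group(1) == "0" else "not-vulnerable"


class FakeRunner:
    """Drop-in for subprocess.run used by --dry-run (and tests): records
    the argv it was given and returns canned stdout instead of executing."""
    def __init__(self, stdout=""):
        self.calls = []
        self.stdout = stdout

    def __call__(self, argv, **kwargs):
        self.calls.append(list(argv))
        return subprocess.CompletedProcess(argv, 0, stdout=self.stdout, stderr="")


def run_in_box(distro, command, workdir, runner=subprocess.run):
    """`vagrant up`, run `command` through `vagrant ssh -c`, and destroy the
    VM in a finally block so an aborted run does not leave a VM behind."""
    with open(os.path.join(workdir, "Vagrantfile"), "w") as fh:
        fh.write(render_vagrantfile(distro))
    try:
        runner(["vagrant", "up", "--provider", distro["provider"]],
               cwd=workdir, check=True)
        proc = runner(["vagrant", "ssh", "-c", command],
                      cwd=workdir, capture_output=True, text=True, check=False)
        return proc.stdout
    finally:
        runner(["vagrant", "destroy", "-f"], cwd=workdir, check=False)


def run_all(distros, command, runner=subprocess.run):
    """Run `command` in every box; returns {box name: classification}."""
    results = {}
    for distro in distros:
        with tempfile.TemporaryDirectory() as workdir:
            output = run_in_box(distro, command, workdir, runner)
        results[distro["name"]] = classify(output)
    return results


if __name__ == "__main__":
    ap = argparse.ArgumentParser()
    ap.add_argument("-c", "--command", default="id",
                    help="command to run in each box; its output is fed to classify()")
    ap.add_argument("--dry-run", action="store_true",
                    help="record the vagrant invocations instead of executing them")
    args = ap.parse_args()
    runner = FakeRunner() if args.dry_run else subprocess.run
    for box, verdict in run_all(DISTROS, args.command, runner).items():
        print(f"{box}: {verdict}")
    if args.dry_run:
        for argv in runner.calls:
            print(" ".join(argv))
```

Run it as `./driver.py -c id` for the sanity check from the post, or with `--dry-run` to see the three vagrant calls it would make per box. For the CVE-2015-1328 demo you would pass a command that compiles /vagrant/ofs.c in the guest and runs `id` through the shell it spawns; how to drive that exploit non-interactively is not covered by the post, so that command line is left to the reader. Note that `vagrant destroy -f` removes only the VM; the downloaded box image stays in the local repository until you run `vagrant box remove`.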

Clean up:
After a few tests it is important not to forget the following commands so you can clean up:

$ vagrant box list # list the boxes (downloaded VM images) in our local repository
$ vagrant box remove “boxname” # delete that box from the local repository

$ vagrant destroy # delete the VM created from the current directory's Vagrantfile. If for some reason the execution of vagrant_build.py was cancelled, we recommend running this command, as a VM may still be left behind in VirtualBox.

This tool can also be used (as we do ourselves) for cross-distribution testing of functionality, installation and the setup of Faraday in different environments.

Hopefully you found this useful.
Best,
