metarget
metarget copied to clipboard
Metarget
Metarget is a framework providing automatic constructions of vulnerable infrastructures.
Ubuntu 18.04.6系统,安装最新的Metarget,搭建CVE-2020-15257成功:  但通过CDK反弹Shell报错如下: ``` aaa@ubuntu:~/Downloads$ docker run -itd --net=host ubuntu /bin/bash 76930ffb13c0f84f22d925c810f552855567174b727b84dc9af1a731bcbe084c sbw@ubuntu:~/Downloads$ aaa@ubuntu:~/Downloads$ aaa@ubuntu:~/Downloads$ docker cp cdk_linux_amd64 76:/ aaa@ubuntu:~/Downloads$ aaa@ubuntu:~/Downloads$ docker exec -it 76 /bin/bash root@ubuntu:/# chmod +x...
sudo ./metarget cnv remove cve-2022-0847 cve-2022-0847 is going to be removed warning: removal of vulnerabilities in class kernel is unsupported
尝试提供CVE-2021-25741的write-up 
install cve-2022-0492 ```bash ./metarget cnv install cve-2022-0492 --verbose ``` after reboot ```bash uname -a Linux metarget2 5.8.0-050800rc1-generic #202007141143 SMP Tue Jul 14 11:45:39 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux ```...
程序无法安装 ./metarget gadget install k8s --version 1.16.5 k8s version 中的 kubeadm启动的命令限制 docker 18.3 版本。但是官方已经不支持了。没办法安装
当我利用metarget安装cve-2017-1000112的环境后,利用编译后的poc仍然无法完成逃逸。 ``` [In Docker] uname -a Linux 7c17882c97af 4.8.0-34-generic #36~16.04.1-Ubuntu SMP Wed Dec 21 18:55:08 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux ./poc [^] starting [=] running KASLR defeat exploit (CVE-2017-18344)...
I0221 13:57:13.840507 30726 request.go:968] Response Body: {"kind":"Pod","apiVersion":"v1","metadata":{"name":"privileged-container","namespace":"metarget","selfLink":"/api/v1/namespaces/metarget/pods/privileged-container","uid":"a412bbad-8fbe-46c3-99d3-dc5bb11d316c","resourceVersion":"5737","creationTimestamp":"2023-02-21T05:05:28Z","annotations":{"kubectl.kubernetes.io/last-applied-configuration":"{\"apiVersion\":\"v1\",\"kind\":\"Pod\",\"metadata\":{\"annotations\":{},\"name\":\"privileged-container\",\"namespace\":\"metarget\"},\"spec\":{\"containers\":[{\"args\":[\"while true; do sleep 30; done;\"],\"command\":[\"/bin/bash\",\"-c\",\"--\"],\"image\":\"ubuntu:latest\",\"imagePullPolicy\":\"IfNotPresent\",\"name\":\"ubuntu\",\"securityContext\":{\"privileged\":true}}]}}\n"}},"spec":{"volumes":[{"name":"default-token-jvrqh","secret":{"secretName":"default-token-jvrqh","defaultMode":420}}],"containers":[{"name":"ubuntu","image":"ubuntu:latest","command":["/bin/bash","-c","--"],"args":["while true; do sleep 30; done;"],"resources":{},"volumeMounts":[{"name":"default-token-jvrqh","readOnly":true,"mountPath":"/var/run/secrets/kubernetes.io/serviceaccount"}],"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File","imagePullPolicy":"IfNotPresent","securityContext":{"privileged":true}}],"restartPolicy":"Always","terminationGracePeriodSeconds":30,"dnsPolicy":"ClusterFirst","serviceAccountName":"default","serviceAccount":"default","nodeName":"test-virtual-machine","securityContext":{},"schedulerName":"default-scheduler","tolerations":[{"key":"node.kubernetes.io/not-ready","operator":"Exists","effect":"NoExecute","tolerationSeconds":300},{"key":"node.kubernetes.io/unreachable","operator":"Exists","effect":"NoExecute","tolerationSeconds":300}],"priority":0,"enableServiceLinks":true},"status":{"phase":"Pending","conditions":[{"type":"Initialized","status":"True","lastProbeTime":null,"lastTransitionTime":"2023-02-21T05:05:28Z"},{"type":"Ready","status":"False","lastProbeTime":null,"lastTransitionTime":"2023-02-21T05:05:28Z","reason":"ContainersNotReady","message":"containers with unready status: [ubuntu]"},{"type":"ContainersReady","status":"False","lastProbeTime":null,"lastTransitionTime":"2023-02-21T05:05:28Z","reason":"ContainersNotReady","message":"containers with unready status: [ubuntu]"},{"type":"PodScheduled","status":"True","lastProbeTime":null,"lastTransitionTime":"2023-02-21T05:05:28Z"}],"hostIP":"192.168.159.204","podIP":"10.244.0.5","podIPs":[{"ip":"10.244.0.5"}],"startTime":"2023-02-21T05:05:28Z","containerStatuses":[{"name":"ubuntu","state":{"waiting":{"reason":"ImagePullBackOff","message":"Back-off pulling image \"ubuntu:latest\""}},"lastState":{},"ready":false,"restartCount":0,"image":"ubuntu:latest","imageID":"","started":false}],"qosClass":"BestEffort"}} I0221 13:57:13.845361...
