Related vulnerabilities
Description
Exploit a 2021 Kernel vulnerability in Ubuntu to become root almost instantly!
Introduction
# OverlayFS — CVE-2021-3493 || Writeup || TryHackMe

## :open_book: Introduction
### What is OverlayFS?
#### OverlayFS is a Linux kernel module that allows the system to combine several mount points into one, so that you can access all the files from each within one directory structure.
#### It’s often used by live USBs and some other specialist applications. One use is having a read-only root file system with another partition “overlaid” on it, so that applications can write to a temporary file system.
#### More resources are included in the final task (Further reading) if you’d like to learn more about OverlayFS and this exploit.
I have a very rough overview of what OverlayFS is →
> No Answer Needed
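
The layering described above is visible in a host's mount table. As an added example (not part of the original writeup), this shell function lists each overlay mount with its read-only lower layer(s) and writable upper layer; the sample mount lines and paths are constructed, and `lowerdir`, `upperdir` and `workdir` are the standard overlay mount options.

```shell
#!/bin/sh
# Added example: list OverlayFS mounts and their layers.
# Input uses the /proc/mounts format:
#   device mountpoint fstype options dump pass

overlay_layers() {
    # $1: mount table to read ("-" for stdin); defaults to /proc/mounts
    awk '$3 == "overlay" {
        lower = upper = work = "-"
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] ~ /^lowerdir=/)      lower = substr(opt[i], 10)
            else if (opt[i] ~ /^upperdir=/) upper = substr(opt[i], 10)
            else if (opt[i] ~ /^workdir=/)  work  = substr(opt[i], 9)
        }
        # An overlay with no upperdir has nowhere to store writes
        mode = (upper == "-") ? "read-only" : "writable"
        printf "%s\t%s\tlower=%s\tupper=%s\twork=%s\n", $2, mode, lower, upper, work
    }' "${1:-/proc/mounts}"
}

# Constructed sample: a live-system style overlay (read-only base plus a
# writable layer) and a read-only overlay that merges two lower directories.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
overlay /mnt/live overlay rw,relatime,lowerdir=/run/rofs,upperdir=/cow/upper,workdir=/cow/work 0 0
overlay /mnt/ro overlay ro,relatime,lowerdir=/a:/b 0 0
EOF
}

sample_mounts | overlay_layers -
```

Run `overlay_layers` with no argument on a Linux host to read the live `/proc/mounts`.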
## CVE-2021-3493 — OverlayFS Exploit
### Credentials for SSH
```
Username: overlay
```
```
Password: tryhackme123
```
#### Start the AttackBox and log in over SSH using the credentials given in the task.
> Answer the questions below:
#### Deploy the machine with the Start Machine button in this task and wait up to 2 minutes for the VM to boot.
> No Answer Required.
#### SSH into the machine with the credentials provided in the task text.
> No Answer Required.
#### Grab the source code for the exploit from [SSD-Disclosure here](https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/) and save it as exploit.c on the target machine.
> Go to the link provided and save the exploit as exploit.c using Vim editor or nano editor in the terminal.
#### Compile the exploit with gcc.
Compile the code using the command:
```
gcc -o exploit exploit.c
```
#### Run your compiled exploit, and get root!
```
./exploit
```
#### What’s the flag in /root/?
> bash-4.4# id <br>
> bash-4.4# cd /root/ <br>
> bash-4.4# cat flag.txt
## Happy Hacking..!!
File snapshot
[4.0K] /data/pocs/06ddfdae339f674fc0aef4cd271414ad4b1944c0
└── [1.9K] README.md
0 directories, 1 file