Hello,
I’ve been testing your CVE-2023-0179-PoC and encountered an issue. The program executes as expected and indicates that it has created a new user “needle”. However, when I check /etc/passwd, the new user is not listed.
Here are the steps I followed and the output I received:
student@mohamed:~/CVE-2023-0179-PoC$ ./needle
[+] Dropping into network namespace
Choose an option:
- Leak kernel TEXT address and regs address
- Run the exploit
2
[+] Setting up the network namespace environment
[+] Created table mytable
[+] Created base chain base_chain
[+] Created exploit chain base_chain
[+] Created exploit set
[+] Created base chain rule
[+] offset: 19 & len: 4 & ethlen = 231
[+] Successfully created exploit chain rule!
[+] Found regs address: 0xffff
[+] Found instr address: 0xffff
[+] KASLR slide: 0x7e3e305e
[+] Inserting the needle into address 0xffff
[+] Created nft exploit_table
[+] Created base chain base_chain
[+] Created final chain final_chain
[+] Created jmp chain 0
[+] Created jmp chain 1
[+] Created jmp chain 2
[+] Created jmp chain 3
[+] Created jmp chain 4
[+] Created jmp chain 5
[+] Created jmp chain 6
[+] Successfully created base_chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] offset: 19 & len: 4 & ethlen = 231
[+] Successfully created exploit chain rule!
[+] Exploit triggered
[+] Returned to userland, setting up for fake modprobe
[+] Got root, you can now login as "needle:needle"
student@mohamed:/CVE-2023-0179-PoC$ grep needle /etc/passwd
student@mohamed:/CVE-2023-0179-PoC$
As you can see, the grep command does not return any output, indicating that the user “needle” was not created.
I tested it on 6.1.0, 6.1.6 6.1.6.64 and 6.2 kernel version in ubuntu 22.04
Could you please provide some guidance on this issue? Any help would be greatly appreciated.
Best regards
Mohamed
Hello,
I’ve been testing your CVE-2023-0179-PoC and encountered an issue. The program executes as expected and indicates that it has created a new user “needle”. However, when I check /etc/passwd, the new user is not listed.
Here are the steps I followed and the output I received:
student@mohamed:~/CVE-2023-0179-PoC$ ./needle
[+] Dropping into network namespace
Choose an option:
2
[+] Setting up the network namespace environment
[+] Created table mytable
[+] Created base chain base_chain
[+] Created exploit chain base_chain
[+] Created exploit set
[+] Created base chain rule
[+] offset: 19 & len: 4 & ethlen = 231
[+] Successfully created exploit chain rule!
[+] Found regs address: 0xffff
[+] Found instr address: 0xffff
[+] KASLR slide: 0x7e3e305e
[+] Inserting the needle into address 0xffff
[+] Created nft exploit_table
[+] Created base chain base_chain
[+] Created final chain final_chain
[+] Created jmp chain 0
[+] Created jmp chain 1
[+] Created jmp chain 2
[+] Created jmp chain 3
[+] Created jmp chain 4
[+] Created jmp chain 5
[+] Created jmp chain 6
[+] Successfully created base_chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] Successfully created jmp chain rule!
[+] offset: 19 & len: 4 & ethlen = 231
[+] Successfully created exploit chain rule!
[+] Exploit triggered
[+] Returned to userland, setting up for fake modprobe
[+] Got root, you can now login as "needle:needle"
student@mohamed:
/CVE-2023-0179-PoC$ grep needle /etc/passwd/CVE-2023-0179-PoC$student@mohamed:
As you can see, the grep command does not return any output, indicating that the user “needle” was not created.
I tested it on 6.1.0, 6.1.6 6.1.6.64 and 6.2 kernel version in ubuntu 22.04
Could you please provide some guidance on this issue? Any help would be greatly appreciated.
Best regards
Mohamed