Re: KVM troubles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 11/27/2015 04:57 PM, Luna Moonbright wrote:
> Fantastic, I love that book and am wanting to get the rest of the way through it. I didn't realize it was such an issue in KVM. I think it works in virtual box, but it would be nice to get it installed on KVM so me and a few guys can set up a class on exploitation. 
> 
> I'll keep working on it to.

It's an old version of Ubuntu, so you could have a lot of fun poking at
vulnerabilities, especially if you don't do an apt-get update.

Coincidentally, this VM is vulnerable to my personal favorite
exploit--Shellshock.  That's something fun you can cover in your class.

kyle@hacking:~ $ env 'x=() { :;}; echo Vulnerable' bash -c 'echo Test'         
Vulnerable
Test
kyle@hacking:~ $                                                               

And if you set up a web server on the VM, you can demonstrate how to use
Shellshock to dump /etc/passwd by setting a malicious User-Agent. [0]

--Kyle

[0] http://blog.regehr.org/archives/1187

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux