Tag:ubuntu

Tag (ubuntu)'s result:

Installing MSF5 on Ubuntu 14

    # apt-get install somelibs
    apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev zlib1g-dev
    apt-get install libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby1.9.3 ruby-dev
    apt-get install svn
    apt-get install nmap
    apt-get install rvm
    apt-get install libpq-dev
    apt-get install build-essential patch ruby-dev zlib1g-dev liblzma-dev
    apt-get install openssl ruby-openssl libssl-dev

    # Ruby version managed by rbenv
    rbenv install 2.6.2
    rbenv global 2.6.2

    # PostgreSQL user and database for Metasploit
    su postgres
    createuser msf -P -S -R -D
    createdb -O msf msf

    # rbenv and its plugins
    git clone git://github.com/sstephenson/rbenv.git .rbenv
    echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
    echo 'eval "$(rbenv init -)"' >> ~/.bashrc
    git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
    echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
    git clone git://github.com/dcarley/rbenv-sudo.git ~/.rbenv/plugins/rbenv-sudo

    # Metasploit Framework
    git clone https://github.com/rapid7/metasploit-framework.git
    cd metasploit-framework/
    rvm --default use ruby-2.1.6@metasploit-framework
    cd metasploit-framework/
    bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'
    vim /opt/metasploit-framework/config/database.yml
    sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile"

    # Armitage
    curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage150813.tgz
    tar -xvzf /tmp/armitage.tgz -C /opt
    ln -s /opt/armitage/armitage /usr/local/bin/armitage
    ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
    sh -c "echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage"
    perl -pi -e……

Reproducing the Ubuntu Local Privilege Escalation Vulnerability (CVE-2017-16995)

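0x00 Overview

In March 2018, an exp for the Ubuntu local privilege escalation vulnerability CVE-2017-16995 was published online. The vulnerability is an arbitrary memory read/write caused by a calculation error in the eBPF verifier, which lets an attacker obtain root privileges. This exp is said to be extremely effective, reportedly working instantly against AWS and Alibaba Cloud hosts.

Address of the exp: http://cyseclabs.com/exploits/upstream44.c

0x01 Affected versions

Ubuntu, kernel 4.14-4.4 (Debian is reportedly affected as well, but I have not found a successful case).

0x02 Reproducing the vulnerability

Test environment: ubuntu 16.04, kernel 4.4.0-105

0x03 Remediation

Modify the kernel parameter to restrict ordinary users from calling bpf(2):

    echo 1 > /proc/sys/kernel/unprivileged_bpf_disabled

Upgrade the kernel to version 4.0-117.

0x04 Related analysis

For a deeper understanding of this vulnerability, see the following material:

https://cert.360.cn/report/detail?id=ff28fc8d8cb2b72148c9237612933c11
https://xianzhi.aliyun.com/forum/topic/2212

0x05 References

http://cyseclabs.com/exploits/upstream44.c
www.freebuf.com/news/165608.html
https://cert.360.cn/warning/detail?id=119f849891f2a1b5deef65f99923ab5a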