Skip to content

Implement automatic verification of CVE exploitation #2

New issue
New issue
Open
Open
Implement automatic verification of CVE exploitation#2
@olegbck

Description

@olegbck
olegbck
opened on Nov 6, 2024

Currently, there is no method to verify whether a CVE has been successfully exploited. A solution would be to introduce the mandatory parameter "verify" to cvex.yml with a string that CVEX would have to find in logs (outputs of commands, pcaps, strace logs, ProcessMonitor logs):

blueprint: windows10-windows10
windows1:
  trace: "nginx"
  playbook: "windows1.yml"
  verify: "string to find in logs of windows1"
windows2:
  command: "curl https://windows1/index.html?cat=(select*from(select(sleep(15)))a)"
  verify: "string to find in logs of windows2"

For example, "verify" can be:

  • "is vulnerable" that would print an exploit
  • "uid=0(root) gid=0(root) groups=0(root)" that would print an exploit
  • "root:x:0:0:root:/root:/bin/bash" that would be present in the pcap when an exploit downloads /etc/passwd

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions