vu1nt0tal / iot-vulhub Goto Github PK
View Code? Open in Web Editor NEWIoT固件漏洞复现环境
Home Page: https://vulntotal-team.github.io/IoT-vulhub/
License: GNU General Public License v3.0
IoT固件漏洞复现环境
Home Page: https://vulntotal-team.github.io/IoT-vulhub/
License: GNU General Public License v3.0
这些镜像都没有了,申请重新上传一下吧。
"firmianay/ubuntu1604"
"firmianay/gdbserver"
"firmianay/qiling"
"firmianay/binwalk"
"firmianay/binwalk:noentry" # 作为 firmadyne 和 firmae 的基础镜像
"firmianay/firmadyne"
"firmianay/firmae"
"firmianay/qemu-user-static"
"firmianay/qemu-system:arm"
"firmianay/qemu-system:mips"
"firmianay/qemu-system:mipsel"
[internal] load metadata for docker.io/firmianay/qemu-system:mipsel:
ERROR: failed to solve: firmianay/qemu-system:mipsel: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
ERROR: Service 'system-emu' failed to build : Build failed
firmianay/qemu-system:mipsel
请问师父这个是不是没了,
项目中的"firmianay/firmadyne好像在dockerhub中拉取不到了,是删掉了吗?
Building firmadyne-emu
Sending build context to Docker daemon 26.1MB
Step 1/6 : FROM firmware/firmadyne
pull access denied for firmware/firmadyne, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
ERROR: Service 'firmadyne-emu' failed to build : Build failed
the docker build should be
docker build -t firmianay/firmae .
not
docker build firmianay/firmae .
将Ubuntu从16.04升级到18.04(保持python2的兼容性)或者一步到位20.04(仅支持python3,需重写部分exp),可能需要做大量测试工作,特开此帖白嫖PR :)
is the firmianay existing in dockerhub?Ididn't find it...
昨晚复现这个脚本的时候,发现诸多问题,在咨询原作者后,主要针对复现中可能遇到的几个问题做下解释:
2、脚本中的断点位置不对,需要断在漏洞函数里,而不是漏洞函数返回后的地址,也就是0x41db40
改为 0x41d3f0
3、如果是最新的qiling 1.3 dev0的话,原作者告诉我原PoC需要修改为以下代码:
ql.mem.write(sysinfo_info, b"AAAA") # uptime
regreturn = 0
ql.log.info("sysinfo(0x%x)=%d"%(sysinfo_info,regreturn))
return regreturn
以上问题原作者也会更新博客,我只是个搬运工。。
初始化环境(arm/mips/mipsel)
$ ./init_env.sh xxxx
请教大佬 这步要怎么执行啊 我在文件夹里没有找到这个脚本啊
dlink实验中,这里的“$ docker run --rm -v $PWD/firmware/:/root/firmware firmianay/binwalk -Mer "/root/firmware/DIR822A1_FW103WWb03.bin"”是有问题的吧。
执行run.sh的时候,通过extractor.py提取固件,这里通过docker run xxx/binwalk预先提取了固件,感觉重复了吧。
环境:
D-Link/CVE-2019-17621
我构建好了所有的镜像,然后按照教程启动容器时候,发现报错exited with code 0
:~/IoT-vulhub/D-Link/CVE-2019-17621$ docker-compose -f docker-compose-firmae.yml up
Creating dlink-firmae ... done
Attaching to dlink-firmae
dlink-firmae |
dlink-firmae | Scan Time: 2021-08-03 10:52:55
dlink-firmae | Target File: /bin/sh
dlink-firmae | MD5 Checksum: e02ea3c3450d44126c46d658fa9e654c
dlink-firmae | Signatures: 411
dlink-firmae |
dlink-firmae | DECIMAL HEXADECIMAL DESCRIPTION
dlink-firmae | --------------------------------------------------------------------------------
dlink-firmae | 0 0x0 ELF, 64-bit LSB shared object, AMD x86-64, version 1 (SYSV)
dlink-firmae | 121509 0x1DAA5 Unix path: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
dlink-firmae |
dlink-firmae |
dlink-firmae | Scan Time: 2021-08-03 10:52:55
dlink-firmae | Target File: /root/run.sh
dlink-firmae | MD5 Checksum: 9a755098ab0058be71245bf6063fc25d
dlink-firmae | Signatures: 411
dlink-firmae |
dlink-firmae | DECIMAL HEXADECIMAL DESCRIPTION
dlink-firmae | --------------------------------------------------------------------------------
dlink-firmae | 0 0x0 Executable script, shebang: "/bin/bash"
dlink-firmae | 33 0x21 Unix path: /etc/init.d/ssh start
dlink-firmae |
dlink-firmae exited with code 0
在Dlink文件下的sudo docker-compose -f docker-compose-qiling.yml up
出现了“dlink-qiling exited with code 0”的问题
请问qiling这个模拟环境是否需要添加其他的额外依赖呢?
您好,这个CVE2020-3331 tools文件夹下是不是少个msf文件
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.