CVE-2024-48208 – CVE Helper

README.md
Rendering markdown...
POC / Dockerfile
⬇ Raw GitHub ✕ Close
# Dockerfile
FROM debian:bookworm-slim

# Install build dependencies
RUN apt-get update && apt-get install -y \
    build-essential \
    wget \
    openssh-server \
    gdb \
    git \
    python3.10 \
    python3-pip \
    python3-dev \
    python3-venv \
    libssl-dev \
    libffi-dev \
    curl \
    sed \
    && rm -rf /var/lib/apt/lists/*

# Install Poetry
RUN curl -sSL https://install.python-poetry.org | python3 - \
    && ln -s /root/.local/bin/poetry /usr/local/bin/poetry

# Configure SSH
RUN mkdir /var/run/sshd \
    && echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config \
    && echo 'PasswordAuthentication yes' >> /etc/ssh/sshd_config \
    && echo 'root:password' | chpasswd

# Install pwndbg
RUN cd /opt \
    && git clone https://github.com/pwndbg/pwndbg \
    && cd pwndbg \
    && python3 -m venv .venv \
    && . .venv/bin/activate \
    && ./setup.sh \
    && echo 'source /opt/pwndbg/gdbinit.py' >> /root/.gdbinit

# Copy modified version of pure-ftpd (smaller buffer size)
COPY pureftpd/pure-ftpd-1.0.50.tar.gz /tmp

# Download and compile pure-ftpd
WORKDIR /tmp
RUN tar -xvf pure-ftpd-1.0.50.tar.gz \
    && cd pure-ftpd-1.0.50 \
    && chmod +x configure \
    && ./configure --with-puredb --with-virtualchroot --with-everything \
    && make \
    && make install \
    && cd .. \
    && rm -rf pure-ftpd-1.0.50*

# WORKDIR /tmp
# RUN wget https://github.com/jedisct1/pure-ftpd/releases/download/1.0.50/pure-ftpd-1.0.50.tar.gz \
#     && tar -xvf pure-ftpd-1.0.50.tar.gz \
#     && cd pure-ftpd-1.0.50 \
#     && ls -Alt \
#     && chmod +x configure \
#     && sed -i '305s/.*/static char replybuf[55U];/' src/ftpd.c \
#     && sed -i '4865s/.*/\tint display_banner = 0;/' src/ftpd.c \
#     && ./configure --with-puredb --with-virtualchroot \
#     && make \
#     && make install \
#     && cd .. \
#     && rm -rf pure-ftpd-1.0.50*

# configure the username + password
RUN groupadd chroot \
    && useradd -m -d /home/bob -g chroot -s /bin/bash bob \
    && useradd -m -d /home/eve -g chroot -s /bin/bash eve

RUN echo "bob:password0" | chpasswd \
    && echo "eve:password1" | chpasswd \
    && chown root:root /home/bob \
    && chown root:root /home/eve \
    && chmod 0755 -R /home/bob \
    && chmod 0755 -R /home/eve

# makes some files with explict permissions
RUN mkdir -p /home/bob/dev/ \
&& cd /home/bob/dev/ \
&& mknod -m 666 null c 1 3 \
&& mknod -m 666 tty c 5 0 \
&& mknod -m 666 zero c 1 5 \
&& mknod -m 666 random c 1 8

# copy pwntool script into eve
COPY pure.py /home/eve

# install pwntools
RUN apt install python3-pwntools -y

# set users into pure-db
RUN yes "password0" | pure-pw useradd bob -u bob -d /home/bob/home \
    && yes "password1" | pure-pw useradd eve -u eve -d /home/eve/home \
    && pure-pw mkdb

EXPOSE 21 22 30000-30009

# run both services
RUN echo '#!/bin/bash\n \
/usr/sbin/sshd -D &\n \
/usr/local/sbin/pure-ftpd -A -E -j -l puredb:/etc/pureftpd.pdb\n \
' > /start.sh && chmod +x /start.sh

CMD ["/start.sh"]