
CVE-2018-1088 PoC — gluster symlink vulnerability

Source
Associated Vulnerability
Title: gluster symlink vulnerability (CVE-2018-1088)
Description: A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink.
Description
Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas!
Readme
# GEVAUDAN

Gluster Environment Vulnerable AUthentication Data Access & Nuke.

## Getting Started

Gevaudan is a Red Hat GlusterFS exploit for CVE-2018-1088 and CVE-2018-1112.
It is available both as a standalone script and as a Metasploit module.

## Presentations
|#| Date | Conference |  Link to Video | Link to Slides |
|---|---|---|---|---|
|1|11-AUG-2018|DEFCON 26 Data Duplication Village| https://www.youtube.com/watch?v=8IyJjRVTMAk | https://drive.google.com/open?id=1O1Bk4iXlsmO8cq9aCvAv_TFIvsL-d2YzUZga5k_f_Xg |

### Running

Standalone:

```
ruby gevaudan.rb
```

Metasploit:

```
sudo mkdir -p $HOME/.msf4/modules/exploits/unix
mv metasploit/gluster_shared_storage.rb $HOME/.msf4/modules/exploits/unix/
msfconsole
```
File Snapshot

[4.0K] /data/pocs/2e263922f4570c9155a5bdccea0d8a56e809b07e
├── [1.3K] chastel.rb
├── [ 502] Dockerfile
├── [4.0K] docs
│   ├── [ 36K] Chastel.png
│   ├── [ 85K] Gevaudan MSF3.png
│   └── [ 95K] Gevaudan.png
├── [4.2K] gevaudan.rb
├── [4.0K] metasploit
│   └── [4.9K] gluster_shared_storage.rb
└── [ 714] README.md

2 directories, 8 files