Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-8115 PoC — Microsoft Windows Host Compute Service Shim 安全漏洞

Source
https://github.com/aquasecurity/scan-cve-2018-8115
Associated Vulnerability
Title:Microsoft Windows Host Compute Service Shim 安全漏洞 (CVE-2018-8115)
Description:A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute.
Readme
                                   _____                      _ _         
         /\                       / ____|                    (_) |        
        /  \   __ _ _   _  __ _  | (___   ___  ___ _   _ _ __ _| |_ _   _ 
       / /\ \ / _` | | | |/ _` |  \___ \ / _ \/ __| | | | '__| | __| | | |
      / ____ \ (_| | |_| | (_| |  ____) |  __/ (__| |_| | |  | | |_| |_| |
     /_/    \_\__, |\__,_|\__,_| |_____/ \___|\___|\__,_|_|  |_|\__|\__, |
                 | |                                                 __/ |
                 |_|                                                |___/ 

##### Docker images verifier cli-tool (CVE-2018-8115)
To help the community stay safe, we at Aqua created an open source tool
that tests images for whether they are safe of this vulnerability.

This uitlity will connect to the Docker Registry (currently only Docker Hub supported) and check whether an image has a malicous file that can exploit the CVE-2018-8115 vulnerability, known to attack the host as part of a "docker pull" command.

## Usage
```sh
$ python verify.py [-h] [--tag TAG] [--arch ARCH] [--os OS] image
```

## Example
```~$ python verify.py evil/image

                               _____                      _ _
     /\                       / ____|                    (_) |
    /  \   __ _ _   _  __ _  | (___   ___  ___ _   _ _ __ _| |_ _   _
   / /\ \ / _` | | | |/ _` |  \___ \ / _ \/ __| | | | '__| | __| | | |
  / ____ \ (_| | |_| | (_| |  ____) |  __/ (__| |_| | |  | | |_| |_| |
 /_/    \_\__, |\__,_|\__,_| |_____/ \___|\___|\__,_|_|  |_|\__|\__, |
             | |                                                 __/ |
             |_|                                                |___/

Docker images verifier cli-tool (CVE-2018-8115)
To help the community stay safe, we at Aqua created an open source tool
that tests images for whether they are safe of this vulnerability.

Aqua Security
https://www.aquasec.com

[~] Fetching evil/image metadata...
[+] Checking layer bce2fbc256ea
[==================================================] 100%
[+] Checking layer cb1aafb71473
[==================================================] 100%
[+] Checking layer 782ba98a8cac
[==================================================] 100%
Found 5 malicious files
 Layer: 782ba98a8cac, File: ../../../../../../../../fromimage.txt
 Layer: 782ba98a8cac, File: Files\../../../../../../../../Users/All Users/Application Data/Start Menu/Programs/StartUp/evil.bat
 Layer: 782ba98a8cac, File: Files\../../../../../../../../Users/All Users/Application Data/Start Menu/Programs/StartUp/Files\script.bat
 Layer: 782ba98a8cac, File: Files\../../../../../../../Resume.txt
 Layer: 782ba98a8cac, File: Files\../../../../../../../Files\text.txt

=== IMAGE IS NOT SAFE! ===
```

 

https://www.aquasec.com
File Snapshot

 [4.0K]  /data/pocs/402b7d20e700b15863f9846007250fecc157ce8b
├── [2.7K]  README.md
└── [8.6K]  verify.py

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →