Spectre Vulnerability Proof of Concept

You must have heard that the tech industry has been blowing up about Spectre and Meltdown for the past week. Here is a POC for Spectre that you can run on your server or PC to check whether you are vulnerable.

-Open up your Linux terminal and run the following:

mkdir exploit
cd exploit
git clone https://github.com/crozone/SpectrePoC.git
cd SpectrePoC

[Note: You will need the packages gcc, make and build-essential to test the exploit. You can use “sudo apt-get install gcc make git build-essential -y” to install them.]


[Optional: Review the spectre.c file and optionally modify the character string.]

[Screenshot: Spectre POC code - change string]

[Optional: You can change the string between the double quotes. I have changed it to the one below for this test.]

[Screenshot: Spectre POC modified string example]

-Finally, compile and run the exploit:

gcc -o spectre spectre.c
./spectre

If the output contains the characters stored in the *secret variable, then you are vulnerable to this exploit. Below is a sample output that indicates the system is vulnerable to the Spectre vulnerability.

Code + Output Screenshot: Here, you can see that the data (top to bottom in the red box) was read from an address space which the program was not actually allowed to read from.

[Screenshot: Spectre POC exploit result and output]

Output:

[Screenshot: Spectre exploit POC output]

Details of test system:

Kernel Version: 4.10.0-38-generic
Distro: Linux Mint 18.3 Sylvia – 64 bit
CPU Details:
Model: i7-4610M
cache size: 4096 KB
fpu: yes
fpu_execution: yes
clflush_size: 64
cache_alignment: 64
address sizes: 39 bits physical, 48 bits virtual
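A complementary check, added here and not part of the original post or of the SpectrePoC project: Linux kernels from 4.15 onward (an assumption; the 4.10 kernel on the test system above predates it) report the CPU's Spectre/Meltdown status under /sys/devices/system/cpu/vulnerabilities/, so a defender can read the kernel's own verdict, and whether a mitigation is active, without running the PoC. The directory path is the kernel's; the function names and the sample status strings in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise the kernel's
# per-vulnerability status files instead of, or alongside, running the PoC.
# Each file holds one line such as "Not affected", "Mitigation: <name>" or
# "Vulnerable[: detail]" (status strings as documented for sysfs; assumed).

# classify_status STATUS_LINE
# Prints one of: unaffected, mitigated, vulnerable, unknown.
classify_status() {
    case "$1" in
        "Not affected"*) echo unaffected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_sysfs [DIR]
# Prints "<file>: <class> (<raw line>)" for every status file in DIR.
# Returns 0 if nothing is vulnerable, 1 if at least one entry is vulnerable,
# 2 if DIR does not exist (kernel too old to expose the interface).
report_sysfs() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no $dir: this kernel does not report vulnerability status"
        return 2
    fi
    for f in "$dir"/*; do
        [ -r "$f" ] || continue
        raw=$(cat "$f")
        cls=$(classify_status "$raw")
        echo "$(basename "$f"): $cls ($raw)"
        if [ "$cls" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

# Run against the live system only when invoked with --run, so the file
# can also be sourced to reuse the functions.
if [ "${1:-}" = "--run" ]; then
    report_sysfs
fi
```

Run it as `sh spectre_status.sh --run`; an exit status of 1 means the kernel itself reports at least one unmitigated issue, which is the same conclusion the PoC output above would give.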

All credits go to the researchers who discovered and reported this issue => Jann Horn and Paul Kocher (along with Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz and Yuval Yarom).

A white paper on the exploit is available for download.


Sources, Credits & References:

Erik August
crozone github
Google Project Zero
SpectreAttack

Use netcat to chat over LAN

This is a quick guide on how to use netcat (nc) to chat between two PCs over a LAN.

VM 1: CentOS 6.6

My CentOS machine did not have netcat (nc) preinstalled, so I had to install it manually.

# yum install nc -y

VM 2: Kali Linux 2016.1 | IP: 192.168.1.11

Kali Linux 2016.1 had the netcat tools preinstalled, so I didn’t have to install them. Here, we take either one of the two PCs as the chat server and the other as the chat client.

Here, I am selecting the Kali Linux machine to listen for connections on an arbitrary port, 12345. [Note: The port you select must be higher than the standard ports, i.e. above 1024.]

In this case, I will make Kali as the chat server and set it to listen on port 12345.

# nc -lvp 12345

[Screenshot: nc listening on port 12345]

Now from the 2nd PC i.e. the CentOS machine, we will make a connection to the Kali machine on port 12345.

# nc 192.168.1.11 12345

Once connected, Kali’s terminal shows a message like the one below:

[Screenshot: nc accepting a remote connection from the LAN]

Now, to start chatting, type your text and hit ENTER to send chat messages between the two PCs. Pretty sweet, huh?

[Screenshot: nc output showing the chat]

FYI, netcat (nc) has many other uses besides sending messages.

Other uses of netcat:

  • File transfer: You can use it to transfer a file from one PC to another.
  • Port scanning: Use netcat with the -z flag to run a port scan of the desired IP.
  • Clone and transfer entire partitions: This comes in handy if you need to take a backup and transfer it to another PC on your LAN. You can use the dd command to clone a partition or an entire hard disk and then pipe it across to another PC.
  • Run a simple web server.

Have you found another use for netcat? Post it in the comments section below. If you’re on a Linux machine, check out the man page for netcat for more info. Happy exploring!


Source: Cybrary.it