SYMBOL INDEX (162 symbols across 12 files) FILE: code/0302-开发侧攻击/02-CVE-2018-15664/symlink_race/build/symlink_swap.c function main (line 42) | int main(int argc, char **argv) FILE: code/0302-开发侧攻击/03-CVE-2019-14271/file-service.c function run_at_link (line 12) | __attribute__ ((constructor)) void run_at_link(void) { function is_priviliged (line 31) | bool is_priviliged() { FILE: code/0304-运行时攻击/01-容器逃逸/CVE-2016-5195/0xdeadbeef.c type vdso_patch (line 48) | struct vdso_patch { type payload_patch (line 55) | struct payload_patch { type prologue (line 63) | struct prologue { type mem_arg (line 68) | struct mem_arg { type vdso_patch (line 76) | struct vdso_patch type prologue (line 78) | struct prologue function writeall (line 91) | static int writeall(int fd, const void *buf, size_t count) function ptrace_memcpy (line 118) | static int ptrace_memcpy(pid_t pid, void *dest, const void *src, size_t n) function patch_payload_helper (line 159) | static int patch_payload_helper(struct payload_patch *pp) function patch_payload (line 185) | static int patch_payload(struct prologue *p, uint32_t ip, uint16_t port) function save_orig_vdso (line 204) | static int save_orig_vdso(void) function build_vdso_patch (line 223) | static int build_vdso_patch(void *vdso_addr, struct prologue *prologue) function backdoor_vdso (line 272) | static int backdoor_vdso(pid_t pid, unsigned int patch_number) function restore_vdso (line 280) | static int restore_vdso(pid_t pid, unsigned int patch_number) function check (line 292) | static void check(struct mem_arg *arg) type mem_arg (line 316) | struct mem_arg type mem_arg (line 318) | struct mem_arg function debuggee (line 329) | static int debuggee(void *arg_) type mem_arg (line 346) | struct mem_arg type mem_arg (line 350) | struct mem_arg function exploit_helper (line 386) | static int exploit_helper(struct mem_arg *arg) function exploit (line 440) | static int exploit(struct mem_arg *arg, bool do_patch) function create_socket (line 463) | static int create_socket(uint16_t port) function yeah (line 498) | static int yeah(struct mem_arg *arg, int s) type prologue (line 578) | struct prologue type prologue (line 583) | struct prologue function parse_ip_port (line 603) | static int parse_ip_port(char *str, uint32_t *ip, uint16_t *port) function main (line 628) | int main(int argc, char *argv[]) FILE: code/0304-运行时攻击/01-容器逃逸/CVE-2019-5736/main.go function main (line 18) | func main() { FILE: code/0304-运行时攻击/01-容器逃逸/cause-core-dump.c function main (line 3) | int main(void) FILE: code/0304-运行时攻击/01-容器逃逸/tmp-dot-x.py function main (line 8) | def main(): FILE: code/0304-运行时攻击/02-安全容器逃逸/evil_agent_src/grpc.go type agentGRPC (line 40) | type agentGRPC struct method onlineCPUMem (line 225) | func (a *agentGRPC) onlineCPUMem(req *pb.OnlineCPUMemRequest) error { method Check (line 367) | func (a *agentGRPC) Check(ctx context.Context, req *pb.CheckRequest) (... method Version (line 371) | func (a *agentGRPC) Version(ctx context.Context, req *pb.CheckRequest)... method getContainer (line 379) | func (a *agentGRPC) getContainer(cid string) (*container, error) { method execProcess (line 394) | func (a *agentGRPC) execProcess(ctr *container, proc *process, createC... method postExecProcess (line 446) | func (a *agentGRPC) postExecProcess(ctr *container, proc *process) err... method updateContainerConfigNamespaces (line 498) | func (a *agentGRPC) updateContainerConfigNamespaces(config *configs.Co... method updateContainerConfigPrivileges (line 549) | func (a *agentGRPC) updateContainerConfigPrivileges(spec *specs.Spec, ... method updateContainerConfig (line 562) | func (a *agentGRPC) updateContainerConfig(spec *specs.Spec, config *co... method rollbackFailingContainerCreation (line 572) | func (a *agentGRPC) rollbackFailingContainerCreation(ctr *container) { method finishCreateContainer (line 584) | func (a *agentGRPC) finishCreateContainer(ctr *container, req *pb.Crea... method CreateContainer (line 615) | func (a *agentGRPC) CreateContainer(ctx context.Context, req *pb.Creat... method applyNetworkSysctls (line 756) | func (a *agentGRPC) applyNetworkSysctls(ociSpec *specs.Spec) error { method handleCPUSet (line 771) | func (a *agentGRPC) handleCPUSet(ociSpec *specs.Spec) error { method createContainerChecks (line 823) | func (a *agentGRPC) createContainerChecks(req *pb.CreateContainerReque... method pidNsExists (line 839) | func (a *agentGRPC) pidNsExists(grpcSpec *pb.Spec) bool { method updateSharedPidNs (line 850) | func (a *agentGRPC) updateSharedPidNs(ctr *container) error { method StartContainer (line 868) | func (a *agentGRPC) StartContainer(ctx context.Context, req *pb.StartC... method ExecProcess (line 890) | func (a *agentGRPC) ExecProcess(ctx context.Context, req *pb.ExecProce... method SignalProcess (line 917) | func (a *agentGRPC) SignalProcess(ctx context.Context, req *pb.SignalP... method WaitProcess (line 1008) | func (a *agentGRPC) WaitProcess(ctx context.Context, req *pb.WaitProce... method ListProcesses (line 1047) | func (a *agentGRPC) ListProcesses(ctx context.Context, req *pb.ListPro... method UpdateContainer (line 1127) | func (a *agentGRPC) UpdateContainer(ctx context.Context, req *pb.Updat... method StatsContainer (line 1200) | func (a *agentGRPC) StatsContainer(ctx context.Context, req *pb.StatsC... method PauseContainer (line 1241) | func (a *agentGRPC) PauseContainer(ctx context.Context, req *pb.PauseC... method ResumeContainer (line 1253) | func (a *agentGRPC) ResumeContainer(ctx context.Context, req *pb.Resum... method RemoveContainer (line 1265) | func (a *agentGRPC) RemoveContainer(ctx context.Context, req *pb.Remov... method WriteStdin (line 1326) | func (a *agentGRPC) WriteStdin(ctx context.Context, req *pb.WriteStrea... method ReadStdout (line 1359) | func (a *agentGRPC) ReadStdout(ctx context.Context, req *pb.ReadStream... method ReadStderr (line 1370) | func (a *agentGRPC) ReadStderr(ctx context.Context, req *pb.ReadStream... method CloseStdin (line 1381) | func (a *agentGRPC) CloseStdin(ctx context.Context, req *pb.CloseStdin... method TtyWinResize (line 1405) | func (a *agentGRPC) TtyWinResize(ctx context.Context, req *pb.TtyWinRe... method CreateSandbox (line 1457) | func (a *agentGRPC) CreateSandbox(ctx context.Context, req *pb.CreateS... method DestroySandbox (line 1528) | func (a *agentGRPC) DestroySandbox(ctx context.Context, req *pb.Destro... method UpdateInterface (line 1590) | func (a *agentGRPC) UpdateInterface(ctx context.Context, req *pb.Updat... method UpdateRoutes (line 1594) | func (a *agentGRPC) UpdateRoutes(ctx context.Context, req *pb.UpdateRo... method ListInterfaces (line 1598) | func (a *agentGRPC) ListInterfaces(ctx context.Context, req *pb.ListIn... method ListRoutes (line 1602) | func (a *agentGRPC) ListRoutes(ctx context.Context, req *pb.ListRoutes... method OnlineCPUMem (line 1606) | func (a *agentGRPC) OnlineCPUMem(ctx context.Context, req *pb.OnlineCP... method ReseedRandomDev (line 1615) | func (a *agentGRPC) ReseedRandomDev(ctx context.Context, req *pb.Resee... method GetGuestDetails (line 1619) | func (a *agentGRPC) GetGuestDetails(ctx context.Context, req *pb.Guest... method MemHotplugByProbe (line 1655) | func (a *agentGRPC) MemHotplugByProbe(ctx context.Context, req *pb.Mem... method haveSeccomp (line 1665) | func (a *agentGRPC) haveSeccomp() bool { method getAgentDetails (line 1673) | func (a *agentGRPC) getAgentDetails(ctx context.Context) *pb.AgentDeta... method SetGuestDateTime (line 1691) | func (a *agentGRPC) SetGuestDateTime(ctx context.Context, req *pb.SetG... method CopyFile (line 1704) | func (a *agentGRPC) CopyFile(ctx context.Context, req *pb.CopyFileRequ... method StartTracing (line 1773) | func (a *agentGRPC) StartTracing(ctx context.Context, req *pb.StartTra... method StopTracing (line 1801) | func (a *agentGRPC) StopTracing(ctx context.Context, req *pb.StopTraci... constant cpuRegexpPattern (line 47) | cpuRegexpPattern = "cpu[0-9]*" constant memRegexpPattern (line 48) | memRegexpPattern = "memory[0-9]*" constant libcontainerPath (line 49) | libcontainerPath = "/run/libcontainer" type onlineResource (line 69) | type onlineResource struct type cookie (line 74) | type cookie constant onlineCPUMemWaitTime (line 78) | onlineCPUMemWaitTime = 100 * time.Millisecond constant cpusetMode (line 82) | cpusetMode = 0644 function handleError (line 85) | func handleError(wait bool, err error) error { function onlineResources (line 96) | func onlineResources(resource onlineResource, nbResources int32) (uint32... function onlineCPUResources (line 135) | func onlineCPUResources(nbCpus uint32) error { function onlineMemResources (line 157) | func onlineMemResources() error { function updateCpusetPath (line 172) | func updateCpusetPath(cgroupPath string, newCpuset string, cookies cooki... function setConsoleCarriageReturn (line 287) | func setConsoleCarriageReturn(fd int) error { function buildProcess (line 298) | func buildProcess(agentProcess *pb.Process, procID string, init bool) (*... function writeSystemProperty (line 741) | func writeSystemProperty(key, value string) error { function isNetworkSysctl (line 746) | func isNetworkSysctl(sysctl string) bool { function posixRlimitsToRlimits (line 783) | func posixRlimitsToRlimits(posixRlimits []specs.POSIXRlimit) []configs.R... function isSignalHandled (line 977) | func isSignalHandled(pid int, signum syscall.Signal) bool { function getPIDIndex (line 1036) | func getPIDIndex(title string) int { function loadKernelModule (line 1428) | func loadKernelModule(module *pb.KernelModule) error { FILE: code/0304-运行时攻击/02-安全容器逃逸/evil_agent_src/mount.go constant type9pFs (line 29) | type9pFs = "9p" constant typeVirtioFS (line 30) | typeVirtioFS = "virtio_fs" constant typeRootfs (line 31) | typeRootfs = "rootfs" constant typeTmpFs (line 32) | typeTmpFs = "tmpfs" constant procMountStats (line 33) | procMountStats = "/proc/self/mountstats" constant mountPerm (line 34) | mountPerm = os.FileMode(0755) function createDestinationDir (line 67) | func createDestinationDir(dest string) error { function mount (line 76) | func mount(source, destination, fsType string, flags int, options string... function ensureDestinationExists (line 137) | func ensureDestinationExists(source, destination string, fsType string) ... function parseMountFlagsAndOptions (line 164) | func parseMountFlagsAndOptions(optionList []string) (int, string) { function parseOptions (line 183) | func parseOptions(optionList []string) map[string]string { function removeMounts (line 196) | func removeMounts(mounts []string) error { type storageHandler (line 208) | type storageHandler function ephemeralStorageHandler (line 222) | func ephemeralStorageHandler(_ context.Context, storage pb.Storage, s *s... function localStorageHandler (line 237) | func localStorageHandler(_ context.Context, storage pb.Storage, s *sandb... function virtio9pStorageHandler (line 267) | func virtio9pStorageHandler(_ context.Context, storage pb.Storage, s *sa... function virtioMmioBlkStorageHandler (line 272) | func virtioMmioBlkStorageHandler(_ context.Context, storage pb.Storage, ... function virtioBlkCCWStorageHandler (line 278) | func virtioBlkCCWStorageHandler(ctx context.Context, storage pb.Storage,... function virtioFSStorageHandler (line 292) | func virtioFSStorageHandler(_ context.Context, storage pb.Storage, s *sa... function virtioBlkStorageHandler (line 297) | func virtioBlkStorageHandler(_ context.Context, storage pb.Storage, s *s... function virtioSCSIStorageHandler (line 325) | func virtioSCSIStorageHandler(ctx context.Context, storage pb.Storage, s... function commonStorageHandler (line 336) | func commonStorageHandler(storage pb.Storage) (string, error) { function mountStorage (line 346) | func mountStorage(storage pb.Storage) error { function addStorages (line 356) | func addStorages(ctx context.Context, storages []*pb.Storage, s *sandbox... function getMountFSType (line 416) | func getMountFSType(mountPoint string) (string, error) { FILE: code/0304-运行时攻击/02-安全容器逃逸/evil_bin.c function main (line 9) | int main(int argc, char *argv[]) FILE: code/0403-CVE-2018-1002105/exploit.py function _get_http_body (line 56) | def _get_http_body(byte_http): function _recv_all_once (line 63) | def _recv_all_once(ssock, length=4096): function _try_to_get_privilege (line 77) | def _try_to_get_privilege(ssock, namespace, pod): function _run_with_privilege (line 88) | def _run_with_privilege(ssock, get_path): function _match_or_exit (line 102) | def _match_or_exit(banner_bytes, resp, fail_message="[-] Failed."): function _get_secret (line 109) | def _get_secret(resp): function _save_file (line 116) | def _save_file(file_name, content): function _steal_secret (line 121) | def _steal_secret(api_server, secret_file, match_banner): function main (line 144) | def main(): FILE: code/0404-K8s拒绝服务攻击/CVE-2019-9512-poc.py class PingFlood (line 10) | class PingFlood: method __init__ (line 32) | def __init__(self, ip, port=6443, socket_count=1000): method create_socket (line 48) | def create_socket(self): method attack (line 75) | def attack(self): FILE: code/0405-云原生网络攻击/k8s_dns_mitm.py class S (line 15) | class S(BaseHTTPRequestHandler): method _set_response (line 16) | def _set_response(self): method do_GET (line 21) | def do_GET(self): class DnsProxy (line 26) | class DnsProxy: method __init__ (line 29) | def __init__(self, upstream_server, local_server_mac, local_server_ip, method generate_response (line 40) | def generate_response(request, ip=None, nx=None): method is_local_domain (line 57) | def is_local_domain(domain): method forward (line 62) | def forward(self, req_pkt, verbose): method spoof (line 107) | def spoof(self, req_pkt): method handle_queries (line 117) | def handle_queries(self, req_pkt): method dns_req_filter (line 125) | def dns_req_filter(self, pkt): method start (line 134) | def start(self): function get_self_mac_ip (line 143) | def get_self_mac_ip(): function get_kube_dns_svc_ip (line 147) | def get_kube_dns_svc_ip(): function get_coredns_pod_mac_ip (line 152) | def get_coredns_pod_mac_ip(kube_dns_svc_ip, self_ip, verbose): function get_bridge_mac_ip (line 164) | def get_bridge_mac_ip(verbose): function arp_spoofing (line 169) | def arp_spoofing(bridge_ip, coredns_pod_ip, function fake_http_server (line 179) | def fake_http_server(): function main (line 185) | def main(verbose): function usage (line 230) | def usage():