0day VirtualBox 6.1 Escape for RealWorld CTF 2020/2021

[mak]

0day VirtualBox 6.1 Escape for RealWorld CTF 2020/2021

This post is about a VirtualBox escape for the latest currently available version (VirtualBox 6.1.16 on Windows). The vulnerabilities were discovered and exploited by our team Sauercl0ud as part of the RealWorld CTF 2020/2021.

The vulnerability was known to the organizers, requires the guest to be able to insert kernel modules and isn’t exploitable on default configurations of VirtualBox so the impact is very limited.

Many thanks to the organizers for hosting this great competition, especially to ChenNan for creating this challenge, M4x for always being helpful, answering our questions and sitting with us through the many demo attempts and of course all the people involved in writing the exploit.

Let’s get to some pwning

https://secret.club/2021/01/14/vbox-escape.html
You can find this version of our exploit here.