Spectre meltdown exploit


BarMuda

Is it possible to use the Bash Bunny to utilise the Meltdown and Spectre vulnerability on any machine that hasn't been patched?

I think the vuln can be exploited if a user visits a website and a malicious JavaScript is run. As the Bunny is a Linux box, can this run a lightweight web server and deliver the same JavaScript?

From what I have read, they cannot be exploited reliably remotely.  ASLR will still pose an issue seeing they will need to find kernel.dll or whatever kernel for whatever OS to tap into the feature that is bugged.  If they can then they could gather information with the exploit.  Someone can correct me if I am wrong, it is still pretty new.

With the BB it could be exploited quite well since you will be on the local machine and can run whatever program you want (at the level of the user that is signed on, of course). In this case you can make your own program to access the kernel and do its thing since it will be your program. So, yes, a BB can be used to exploit these vulnerabilities directly on the machine to get a dump of that private area.

Some people I read said code execution was possible with it too but I think what was meant was this exploit could be stacked with others to make them more effective.  Use Meltdown or Spectre to get the ASLR data so you know where to map a particular exploit when fired.

I think the underlying key here is getting access to the function in the kernel that is vulnerable, though. I think that place is the predictive algorithm it uses to determine which branch in program execution to pre-execute to try and save time.

Archived

This topic is now archived and is closed to further replies.
