awesome-vm-exploit

Sharing some useful archives about vm and qemu escape exploit.

I want to collect what I can find. Also be welcome to provide me with issues.

In computer security, virtual machine escape is the process of breaking out of a virtual machine and interacting with the host operating system.

VMware && Esxi && Funsion

Writeup and Exploit

• VMware Escape Exploit - CVE-2017-4901
• 利用一个堆溢出漏洞实现VMware逃逸-CVE-2017-4901
• A-bunch-of-Red-Pills-VMware-Escapes
• eu-17-Mandal-The-Great-Escapes-Of-Vmware-A-Retrospective-Case-Study-Of-Vmware-G2H-Escape-Vulnerabilities
• Vmware-exploit GitHub repositor
• qemu-kvm和ESXi虚拟机逃逸实例分享
• CVE-2022-31705 Geekpwn 2022 Vmware EHCI OOB

Virtualbox

Basic

• virtualbox technical background

Writeup and Exploit

• VirtualBox E1000 Guest-to-Host Escape
• Oracle VirtualBox < 5.1.30 / < 5.2-rc1 - GUest to Host Escape
• VirtualBox 5.2.6.r120293 -VM Escape
• Pwn2Own 2018 Virtualbox 的漏洞分析及利用介绍：thinking_outside_the_virtualbox
• Escaping VirtualBox 6.1

Qemu

Writeup and Exploit

• VM escape - QEMU Case Study
• Qemu - Escape - analysis - CVE-2015-7504 and CVE-2015-7512
• Some Qemu escape exploit
• CVE-2020-14364 QEMU逃逸 漏洞分析
• qemu-kvm和ESXi虚拟机逃逸实例分享

Parallels Desktop

• Advanced Exploitation ofSimple Bugs---A Parallels Desktop Case Study (Pwn2Own2021)

• CVE-2023-27326 Parallels Desktop Toolgate Vulnerability

Hyper-V

• awesome-hyper-v-exploitation

Docker

Basic

• eu-15-Bettini-Vulnerability-Exploitation-In-Docker-Container-Environments
• CSW2016-Docker-Escape-Techonology

Writeup and Exploit

• Docker 容器逃逸案例分析
• escaping-docker-container-using-waitid-cve-2017-5123

Tools

CDK - Zero Dependency Container Penetration Toolkit

Misc

• google group vmkernelnewbies(has some good basic intro)
• XEN D2T2-Shangcong-Luan-Xen-Hypervisor-VM-Escape
• vmware exploitation(list)

CTFs

Writeup and Exploit

• realword ctf - state-of-the-art_vm
• HITB 2017 - babyqemu
• 0CTF 2017 - QEMU EScape
• 48小时逃逸Virtualbox虚拟机——记一次CTF中的0day之旅
• rwctf-3rd-BoxEscape