Rename directory exploit/cos-105-17412-101.17 to exploit/cos-105-17412.101.17
c0m0r1 committed Aug 24, 2023
1 parent 174d791 commit 78f80fe
Showing 6 changed files with 10 additions and 10 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -8,10 +8,10 @@ Vulnerability and Exploit descriptions for CVE-2023-3390
* [exploit.c](./exploit/lts-6.1.31/exploit.c)
* [exploit](./exploit/lts-6.1.31/exploit)
* [Makefile](./exploit/lts-6.1.31/Makefile)
* [cos-105-17412-101.17](./exploit/cos-105-17412-101.17)
* [exploit.c](./exploit/cos-105-17412-101.17/exploit.c)
* [exploit](./exploit/cos-105-17412-101.17/exploit)
* [Makefile](./exploit/cos-105-17412-101.17/Makefile)
* [cos-105-17412.101.17](./exploit/cos-105-17412.101.17)
* [exploit.c](./exploit/cos-105-17412.101.17/exploit.c)
* [exploit](./exploit/cos-105-17412.101.17/exploit)
* [Makefile](./exploit/cos-105-17412.101.17/Makefile)
* [mitigation-6.1](./exploit/mitigation-6.1)
* [exploit.c](./exploit/mitigation-6.1/exploit.c)
* [exploit](./exploit/mitigation-6.1/exploit)
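Review bot: the three index links are renamed consistently to `cos-105-17412.101.17`, but the section heading that introduces this instance in the second file of this commit (`## 7. COS-15-17412-101.17 Instance`) is left in the old dash form, and it is also missing the `0` of `105`. After this commit a reader searching the document for the new directory name will find the index and the body text but not the section title; suggest updating that heading to `## 7. COS-105-17412.101.17 Instance` in the same change.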
Original file line number Diff line number Diff line change
Expand Up @@ -395,7 +395,7 @@ else
}
```

After this initialization [1], we proceed to next steps depending on whether the Netfilter objects are in a cgroup cache or not [2]. Note that `lts-6.1.31` and `mitigaion-6.1` use the cgroup cache and `cos-105-17412-101.17` does not.
After this initialization [1], we proceed to next steps depending on whether the Netfilter objects are in a cgroup cache or not [2]. Note that `lts-6.1.31` and `mitigaion-6.1` use the cgroup cache and `cos-105-17412.101.17` does not.


### 5.2 Disable buffering
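Review bot: `mitigaion-6.1` on the rewritten line is a typo for `mitigation-6.1` (the directory is listed as `mitigation-6.1` in the index hunk of this commit). Since the line is already being edited for the rename, fix the typo here rather than leaving it for a follow-up.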
Expand Down Expand Up @@ -1178,7 +1178,7 @@ After these steps, the exploitation is finished and we can read the flag from th
## 7. COS-15-17412-101.17 Instance
In this section, we discuss the exploit in detail for `cos-105-17412-101.17` instances.
In this section, we discuss the exploit in detail for `cos-105-17412.101.17` instances.
- Linux commit [33758c891479ea1c736abfee64b5225925875557](https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33758c891479ea1c736abfee64b5225925875557)
>
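Review bot: the heading `## 7. COS-15-17412-101.17 Instance` directly above the rewritten sentence is not updated: it still carries the dash form this commit renames away from, and `COS-15` drops a digit of `105`, so it matches neither the old nor the new directory name. Suggest `## 7. COS-105-17412.101.17 Instance` so the title, the sentence under it and the index agree.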
Expand All @@ -1187,7 +1187,7 @@ In this section, we discuss the exploit in detail for `cos-105-17412-101.17` ins
> This patch account most of the memory allocation associated with nft and should protect the host from misusing nft inside a memcg restricted container.
>
Before Linux v5.19, the Netfilter nf_tables objects are allocated into `kmalloc` caches, not the accounted `kmalloc-cg` caches. Since the `cos-105-17412-101.17` is based on Linux v5.15.109, the double-freed chunks are created into `kmalloc-1k` cache.
Before Linux v5.19, the Netfilter nf_tables objects are allocated into `kmalloc` caches, not the accounted `kmalloc-cg` caches. Since the `cos-105-17412.101.17` is based on Linux v5.15.109, the double-freed chunks are created into `kmalloc-1k` cache.
### 7.1 Overview
This exploit takes the following steps:
Expand Down Expand Up @@ -1417,7 +1417,7 @@ Notice that we allocate only one `struct user_key_payload` object. This is becau
[ 23.913920] __x64_sys_sendto+0x20/0x30
[ 23.914156] do_syscall_64+0x42/0x90
```
The call trace above shows the allocation path of the given `cos-105-17412-101.17` kernel image.
The call trace above shows the allocation path of the given `cos-105-17412.101.17` kernel image.
- [exploit/extra-refined/exploit.c#L1101](../exploit/extra-refined/exploit.c#L1101)
```c
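Review bot: the call trace is described as coming from the `cos-105-17412.101.17` kernel image, but the reference immediately below it points at `../exploit/extra-refined/exploit.c#L1101`, a directory that this rename does not touch and that does not appear in the index hunk shown in this commit. If `extra-refined` is an earlier name for the cos-105 exploit, or if the source moved since the line anchor was written, the link is stale; please confirm that the path and the `#L1101` anchor still resolve to the allocation code being discussed.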
Expand Down Expand Up @@ -1787,7 +1787,7 @@ sleep(3);

post_exploit();
```
The exploit waits for a while to ensure the kernel shellcode is executed by the kernel worker. After the kernel shellcode is executed, the same `post_exploit` function from `lts_6.1.31` exploit is used to perform post-exploit works and drop a root shell to get the flag of `cos-105-17412-101.17` instance.
The exploit waits for a while to ensure the kernel shellcode is executed by the kernel worker. After the kernel shellcode is executed, the same `post_exploit` function from `lts_6.1.31` exploit is used to perform post-exploit works and drop a root shell to get the flag of `cos-105-17412.101.17` instance.
## 8. LTS 6.1 Mitigation Instance
For `mitigation-6.1` instance, we could apply the exactly same exploit strategy for `lts-6.1.31`, since the original strategy is not hindered by the applied mitigations.
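Review bot: `lts_6.1.31` on the rewritten line uses an underscore while the directory and every other reference in this commit use `lts-6.1.31`; as the line is being edited anyway, change it to `lts-6.1.31`. Minor grammar on the same line: `post-exploit works` should be `post-exploit work`.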
Original file line number Diff line number Diff line change
Expand Up @@ -396,7 +396,7 @@ To the best of our knowledge, this is the first publication posing the regressio

## Usage of `struct nft_set` as a novel target object

While writing exploits for CVE-2023-3390, especially when targeting `cos-105-17412-101.17` instance, we found that `struct nft_set` is an extremely useful object for the kernel exploit, no matter if it is the vulnerable object of the vulnerability. We actively utilized the `struct nft_set` object after we get stable double free, even though double free gives us the capability to overlap arbitrary types of objects, not only `struct nft_set`.
While writing exploits for CVE-2023-3390, especially when targeting `cos-105-17412.101.17` instance, we found that `struct nft_set` is an extremely useful object for the kernel exploit, no matter if it is the vulnerable object of the vulnerability. We actively utilized the `struct nft_set` object after we get stable double free, even though double free gives us the capability to overlap arbitrary types of objects, not only `struct nft_set`.

Generally, we have three reasons to use `struct nft_set` for a target object.
First, the `struct nft_set` contains useful fields in itself for exploit.
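Review bot: grammar on the rewritten line, worth fixing while it is being touched: `no matter if it is the vulnerable object of the vulnerability` reads more clearly as `regardless of whether it is the object the vulnerability corrupts`, and `after we get stable double free` should be `after we obtained a stable double free`. The substance (that `struct nft_set` is used as the overlap target even though the double free could overlap other object types) is unaffected.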
