
yuawn / Linux-Kernel-Exploitation

Licence: other
Linux kernel development & exploitation lab.


Linux Kernel Exploitation

Linux kernel exploitation lab.
Slide: speakerdeck.com/yuawn/kernel-exploitation

Linux kernel exploitation techniques

  • ret2user
    • status switch
  • modify cr4 register
    • bypass smep
    • bypass smap
  • kpti
    • fix cr3 register
    • swapgs_restore_regs_and_return_to_usermode()
  • kernel information leak
    • useful kernel structure for UAF
  • modprobe_path
  • userfaultfd
    • race condition
  • setxattr
    • setxattr + userfaultfd
  • msg_msg
  • signal handler

Prepare files needed to compile kernel module

wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.1.tar.xz
tar Jxvf linux-5.10.1.tar.xz
cp .config linux-5.10.1
cd linux-5.10.1
make menuconfig # load .config
make modules_prepare

Compile linux kernel

sudo apt-get install build-essential libncurses-dev bison flex libssl-dev libelf-dev
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.1.tar.xz
tar Jxvf linux-5.10.1.tar.xz
cp .config linux-5.10.1
cd linux-5.10.1
make menuconfig # load .config
make -j $(nproc)

busybox

wget https://busybox.net/downloads/busybox-1.32.0.tar.bz2
tar jxvf busybox-1.32.0.tar.bz2
cd busybox-1.32.0
mkdir build
export BUSYBOX_BUILD=$(pwd)/build
make O=$BUSYBOX_BUILD defconfig
make O=$BUSYBOX_BUILD menuconfig # Settings -> Build Options: enable Build static binary (no shared libs)
cd $BUSYBOX_BUILD
make -j 4
make install -j 4

initramfs

mkdir rootfs
cd rootfs
mkdir -pv {bin,sbin,etc,proc,dev,tmp,sys,usr/{bin,sbin}}
cp -r $BUSYBOX_BUILD/_install/* .
vim init # Create init file
  • Some files
    • /etc/passwd
    • /home/user
    • /flag
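
The initramfs steps above as one script. This is an added example, not part of the original README: the init contents, the uid/gid 1000 for "user", the flag text and the script name mkinitramfs.sh are all assumptions.

```shell
#!/bin/sh
# Added example: populate the lab rootfs and pack it as an initramfs.
# Assumptions (not from the README): account "user" with uid/gid 1000,
# the placeholder flag text, and the init contents below.

make_rootfs() {
    root=$1
    for d in bin sbin etc proc dev tmp sys home/user usr/bin usr/sbin; do
        mkdir -p "$root/$d"
    done
    # Copy the static busybox install if it has been built (README step).
    if [ -d "${BUSYBOX_BUILD:-}/_install" ]; then
        cp -r "$BUSYBOX_BUILD"/_install/* "$root"/
    fi
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'user:x:1000:1000:user:/home/user:/bin/sh' > "$root/etc/passwd"
    echo 'FLAG{constructed_placeholder}' > "$root/flag"
    # Quoted heredoc: nothing below is expanded on the build host.
    cat > "$root/init" <<'EOF'
#!/bin/sh
mount -t proc none /proc
mount -t sysfs none /sys
mount -t devtmpfs none /dev
# Files were packed as the build user; fix ownership inside the guest.
chown -R 0:0 /bin /sbin /usr /etc /flag
chown -R 1000:1000 /home/user
chmod 400 /flag        # only root can read the flag
chmod 1777 /tmp
cd /home/user
setuidgid user /bin/sh # unprivileged lab shell (busybox applet)
poweroff -f            # shut the guest down when the shell exits
EOF
    chmod 755 "$root/init"
}

pack_initramfs() {   # usage: pack_initramfs ROOTFS OUTPUT (GNU cpio, gzip)
    out=$(realpath "$2")
    (cd "$1" && find . -print0 | cpio --null -o -H newc | gzip -9 > "$out")
}

# Run as: sh mkinitramfs.sh rootfs initramfs.cpio.gz
if [ "$#" -eq 2 ]; then
    make_rootfs "$1" && pack_initramfs "$1" "$2"
fi
```

Ownership is corrected by init at boot rather than at pack time, so the archive can be built without root on the host.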