bsauce / kernel-exploit-factory
Linux kernel CVE exploit analysis report and relative debug environment. You don't need to compile Linux kernel and configure your environment anymore.
Hello, when I compile exploit.c, it gives the error: linux/watch_queue.h: No such file or directory. Why? I can't solve this.
Sorry to bother you, but I met some problems when testing CVE-2022-32250.
I can run the exploit successfully by using your bzImage, but it won't work when I change to the kernel built by myself, even though it has the same version as yours and I also copied your .config to make it the same.
Could you tell me how you built your kernel file?
The repository only contains bzImage, not vmlinux. Does that mean it can't be used to debug the exp?
Hello, expert,
I have recently been debugging CVE-2021-43267, the TIPC CRYPTO message overflow vulnerability, but at step "5-1 Trigger the TIPC vulnerability, tamper with msg_msg->m_ts"
this step fails because the heap chunk addresses from the msg_msg heap spray are not contiguous enough.
Even after increasing the spray count it is still the same,
and I have already disabled the CONFIG_SLAB_FREELIST_RANDOM, CONFIG_SLAB_FREELIST_HARDENED and CONFIG_SHUFFLE_PAGE_ALLOCATOR protections.
I would like to ask how your kernel build options are set. Could you share them? Thanks~
My kernel build config is attached.
config.zip
The exp hardcodes the address 0xffffffff822c26c0. What is this address for?
I could not find which function this address belongs to in /proc/kallsyms.
/ # cat /proc/kallsyms | grep 822c26c0
As the title says, could you provide any commands or scripts for building rootfs.cpio?
And I suggest you add the debug information when compiling.
Hello, I am trying to reproduce CVE-2020-8835, but I ran into a problem.
It hits a page fault and reboots the kernel. Where do you think the problem is? PS: because the kernel reboots directly when running the experiment, I cannot redirect the error output text. I screen-recorded the error, and it is roughly as follows:
ctrl_mapfd:3, exp_mapfd:4
[+] leak array_map_ops:0xFFFFFFFF98A168C0
[+] leak kernel_base addr:0xFFFFFFFF97A00440
[+] leak exp_map_elem addr:0xFFFFA265DD8B4110
[17.799154] BUG unable to handle page fault for address ffffffff822c26c0
[17.800875] #PF: supervisor read access in kernel mode
[17.802072] #PF:error_code(0x0000) -not-present page
[17.803781] PGC E20D067 P4D e20d067 PUD e20e063 PMD 0
[17.805108] Oops [#1] SMP PTI
[.................] CPU:0 PID:105 Comm:exp_signel_core Not tainted 5.6.0 #1
....
....
Call Trace:
bpf_obj_get_info_by_fd+0x19d/0x2b0
__do_sys_bpf+0x3fb/0x18b0
do_syscall_64
.....
.....
kernel panic - not syncing : Fault exception
Kernel offset : 0x16a00000 from 0xffffffff81000000 (relocation range : 0xffffffff81000000-0xffffffffbfffffff
Rebort in 1 seconds...
Hello, expert. For CVE-2017-11176, why does the vulnerability need to be triggered twice? While debugging I found that the sock is also freed when it is triggered only once, but then the subsequent sendmsg cannot obtain that heap chunk. Is there a reason for this?
Hello, in the exp the address of 'native_write_cr4' is needed, but in the Linux 4.10.6 source code this function is inline, so could you please let me know how to get the address of 'native_write_cr4'? Thanks a lot!