Linux kernel exploitation experiments

This is a playground for the Linux kernel exploitation experiments. Only basic methods. Just for fun.

Contents:

drill_mod.c - a small Linux kernel module with nice vulnerabilities. You can interact with it via a simple procfs interface.
drill.h - a header file describing the drill_mod.ko interface.
drill_exploit_uaf_callback.c - a basic use-after-free exploit overwriting a callback in the drill_item_t struct.
drill_exploit_nullderef.c - a basic null-ptr-deref exploit, which uses wonderful mmap_min_addr bypass by Jann Horn.

N.B. Only basic exploit techniques here.

So compile your kernel with x86_64_defconfig and run it with pti=off nokaslr boot arguments.

Also don't forget to run qemu-system-x86_64 with -cpu qemu64,-smep,-smap.

License: GPL-3.0.

Have fun!

Repositories

Name		Name	Last commit message	Last commit date
Latest commit History 32 Commits
.gitignore		.gitignore
LICENSE.txt		LICENSE.txt
Makefile		Makefile
README.md		README.md
drill.h		drill.h
drill_exploit_nullderef.c		drill_exploit_nullderef.c
drill_exploit_uaf_callback.c		drill_exploit_uaf_callback.c
drill_mod.c		drill_mod.c
issues.md		issues.md
prep_trace.sh		prep_trace.sh
prep_usr.sh		prep_usr.sh