Linux kernel exploitation experiments
Type Name Latest commit message Commit time
Makefile Add kernel null pointer dereference exploit Mar 7, 2019
README.md Add README Mar 7, 2019
drill_exploit_nullderef.c Add kernel null pointer dereference exploit Mar 7, 2019
drill_exploit_uaf.c Finish renaming (part 2) Mar 7, 2019
drill_mod.c Add kernel null pointer dereference exploit Mar 7, 2019
prep_trace.sh
prep_usr.sh

README.md

Linux kernel exploitation experiments

This is a playground for Linux kernel exploitation experiments. Only basic methods. Just for fun.

Contents:

  • drill_mod.c - a small Linux kernel module with nice vulnerabilities. You can interact with it via a simple debugfs interface.
  • drill_exploit_uaf.c - a basic use-after-free exploit.
  • drill_exploit_nullderef.c - a basic null-ptr-deref exploit, which uses the wonderful mmap_min_addr bypass by Jann Horn.

N.B. Only basic exploit techniques are used here, so compile your kernel with x86_64_defconfig and run it with pti=off nokaslr.

Have fun!
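
The boot settings in the N.B. above (pti=off, nokaslr) switch off KPTI and KASLR, which suits a lab VM and nothing else. The script below is an added example, not part of this repository, that flags those settings and a zero vm.mmap_min_addr. The function names and finding labels are assumptions made for illustration, and `nopti` is included as the kernel's other spelling of `pti=off`.

```shell
#!/bin/sh
# Added example (not from the repository): flag the lab-only settings this
# README asks for, so they are not left on a machine that matters.

# Report weakened mitigations found in a kernel command line string ($1).
audit_cmdline() (
    set -f                      # no globbing while splitting the cmdline
    out=""
    for tok in $1; do
        case "$tok" in
            pti=off|nopti) out="$out pti-disabled" ;;    # KPTI off
            nokaslr)       out="$out kaslr-disabled" ;;  # kernel ASLR off
        esac
    done
    echo "${out# }"
)

# Report a vm.mmap_min_addr value ($1) that lets user space map page 0.
audit_mmap_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo "mmap-min-addr-unreadable" ;;
        *) if [ "$1" -eq 0 ]; then echo "mmap-min-addr-zero"; fi ;;
    esac
}

# Audit a host. $1 and $2 override the procfs paths (defaults below).
# Prints all findings on one line and returns 1, or prints "ok" and returns 0.
audit_host() {
    cmdline_file=${1:-/proc/cmdline}
    mma_file=${2:-/proc/sys/vm/mmap_min_addr}
    cmdline=""; mma=""
    if [ -r "$cmdline_file" ]; then cmdline=$(cat "$cmdline_file"); fi
    if [ -r "$mma_file" ]; then mma=$(cat "$mma_file"); fi
    found="$(audit_cmdline "$cmdline") $(audit_mmap_min_addr "$mma")"
    found=$(echo $found)        # squeeze the joining spaces
    if [ -n "$found" ]; then echo "$found"; return 1; fi
    echo "ok"
}

# Live check on this host; the status is ignored so the file can be sourced.
audit_host || true
```
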
