Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation

/ disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define MMAPMINADDR 0x1101de8 define DACMMAPMINADDR 0xe8e810 / get...

Linux Kernel 4.14.0-rc4+ waitid() Privilege Escalation

define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new attributeregparm3; preparekernelcredt preparekernelcred; commitcreds...

Linux Kernel 4.14.0-rc4+ - waitid() Privilege Escalation Exploit

Exploit for linux platform in category local exploits define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new...

Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation

define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new attributeregparm3; preparekernelcredt preparekernelcred; commitcreds...

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation Exploit

Exploit for linux platform in category local exploits // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // // Usage: // email protected:$...

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

// A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // // Usage: // user@ubuntu:$ uname -a // Linux ubuntu 4.8.0-41-generic 4416.04.1-Ubuntu...

Android get_user/put_user Exploit

This module exploits a missing check in the getuser and putuser API functions in the linux kernel before 3.5.5. The missing checks on these functions allow an unprivileged user to read and write kernel memory. This exploit first reads the kernel memory to identify the commitcreds and ptmxfops...

Linux Kernel REFCOUNT Overflow / Use-After-Free

Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / CVE-2016-0728 local root exploit modified by Federico Bento to read kernel symbols from /proc/kallsyms props to grsecurity/PaX for preventing this i...

Ubuntu 12.04.0-2LTS x64 perf_swevent_init - Kernel Local Root Exploit

No description provided by source. / Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu 12.04.1 - 3.2.0-29-generic 2 Ubuntu 12.04.2 - 3.5.0-23-generic $ gcc vnik.c...

Linux Kernel 2.6.34+ - CAP_SYS_ADMIN x86 & x64 Local Privilege Escalation Exploit (2)

No description provided by source. / Linux Kernel CAPSYSADMIN to Root Exploit 2 32 and 64-bit by Joe Sylve @jtsylve on twitter Released: Jan 7, 2011 Based on the bug found by Dan Rosenberg @djrbliss only loosly based on his exploit http://www.exploit-db.com/exploits/15916/ Usage: gcc -w...

Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition (x64) Local Privilege Escalation

No description provided by source. / CVE-2014-0196: Linux kernel = v3.15-rc4: raw mode PTY local echo race condition Slightly-less-than-POC privilege escalation exploit For kernels = v3.14-rc1 Matthew Daley [email protected] Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving...

Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Privilege Escalation (2)

Linux Kernel 3.7.10 Ubuntu 12.10 x64 - sockdiaghandlers Local Privilege Escalation 2 include include include include include include include include include include include include include include typedef int attributeregparm3 commitcredsunsigned long cred; typedef unsigned long attributeregparm3...