Linux Kernel 4.13 (Debian 9) - Local Privilege Escalation

/ disablemapminadd.c / / / include include include include include include include / offsets might differ, kernel was custom compiled you can read vmlinux and caculate the offset when testing / / define OFFSETKERNELBASE 0x000000 / define MMAPMINADDR 0x1101de8 define DACMMAPMINADDR 0xe8e810 / get...

Linux Kernel 4.14.0-rc4+ waitid() Privilege Escalation

define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new attributeregparm3; preparekernelcredt preparekernelcred; commitcreds...

Linux Kernel 4.14.0-rc4+ - waitid() Privilege Escalation Exploit

Exploit for linux platform in category local exploits define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new...

Linux Kernel 4.14.0-rc4+ - 'waitid()' Local Privilege Escalation

define GNUSOURCE include include include include include include include struct cred; struct taskstruct; typedef struct cred preparekernelcredt struct taskstruct daemon attributeregparm3; typedef int commitcredst struct cred new attributeregparm3; preparekernelcredt preparekernelcred; commitcreds...

Linux Kernel 4.8.0 - Packet Socket Local root Privilege Escalation Exploit

Exploit for linux platform in category local exploits // A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // // Usage: // email protected:$...

Linux Kernel 4.8.0-41-generic (Ubuntu) - Packet Socket Local Privilege Escalation

// A proof-of-concept local root exploit for CVE-2017-7308. // Includes a SMEP & SMAP bypass. // Tested on 4.8.0-41-generic Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-7308 // // Usage: // user@ubuntu:$ uname -a // Linux ubuntu 4.8.0-41-generic 4416.04.1-Ubuntu...

Linux Kernel REFCOUNT Overflow / Use-After-Free

Exploit Title: Linux kernel REFCOUNT overflow/Use-After-Free in keyrings Date: 19/1/2016 Exploit Author: Perception Point Team CVE : CVE-2016-0728 / CVE-2016-0728 local root exploit modified by Federico Bento to read kernel symbols from /proc/kallsyms props to grsecurity/PaX for preventing this i...

Ubuntu 12.04.0-2LTS x64 perf_swevent_init - Kernel Local Root Exploit

No description provided by source. / Ubuntu 12.04 3.x x8664 perfsweventinit Local root exploit by Vitaly Nikolenko [email protected] based on semtex.c by sd Supported targets: 0 Ubuntu 12.04.0 - 3.2.0-23-generic 1 Ubuntu 12.04.1 - 3.2.0-29-generic 2 Ubuntu 12.04.2 - 3.5.0-23-generic $ gcc vnik.c...

Linux Kernel 2.6.34+ - CAP_SYS_ADMIN x86 & x64 Local Privilege Escalation Exploit (2)

No description provided by source. / Linux Kernel CAPSYSADMIN to Root Exploit 2 32 and 64-bit by Joe Sylve @jtsylve on twitter Released: Jan 7, 2011 Based on the bug found by Dan Rosenberg @djrbliss only loosly based on his exploit http://www.exploit-db.com/exploits/15916/ Usage: gcc -w...

Linux kernel 3.14-rc1 <= 3.15-rc4 - Raw Mode PTY Local Echo Race Condition (x64) Local Privilege Escalation

No description provided by source. / CVE-2014-0196: Linux kernel = v3.15-rc4: raw mode PTY local echo race condition Slightly-less-than-POC privilege escalation exploit For kernels = v3.14-rc1 Matthew Daley [email protected] Usage: $ gcc cve-2014-0196-md.c -lutil -lpthread $ ./a.out + Resolving...

Linux Kernel 3.7.10 (Ubuntu 12.10 x64) - sock_diag_handlers Local Privilege Escalation (2)

Linux Kernel 3.7.10 Ubuntu 12.10 x64 - sockdiaghandlers Local Privilege Escalation 2 include include include include include include include include include include include include include include typedef int attributeregparm3 commitcredsunsigned long cred; typedef unsigned long attributeregparm3...