Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Enlightenment - Linux Null PTR Dereference Exploit Framework

🗓️ 11 Sep 2009 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 27 Views

Enlightenment - Linux Null PTR Dereference Exploit Framework. It allows creating custom exploit modules and has specific requirements for each module such as description, prepare, trigger, post, and get_exploit_state_ptr functions.

Code

                                                /* enlightenment 200909092307

   To create your own exploit module for enlightenment, just name it
   exp_whatever.c
   It will be auto-compiled by the run_exploits.sh script and thrown into
   the list of loaded exploit modules

   Each module must have the following features:
   It must include this header file, exp_framework.h
   A description of the exploit, the variable being named "desc"
   A "prepare" function: int prepare(unsigned char *ptr)
     where ptr is the ptr to the NULL mapping, which you are able to write to
     This function can return the flags described below for prepare_the_exploit
     Return 0 for failure otherwise
   A "trigger" function: int trigger(void)
     Return 0 for failure, nonzero for success
   A "post" function: int post(void)
     This function can return the flags described below for post_exploit
   A "get_exploit_state_ptr" function:
     int get_exploit_state_ptr(struct exploit_state *ptr)
     Generally this will always be implemented as:
     struct *exp_state;
     int get_exploit_state_ptr(struct exploit_state *ptr)
     {
        exp_state = ptr;
        return 0;
     }
     It gives you access to the exploit_state structure listed below,
     get_kernel_sym allows you to resolve symbols
     own_the_kernel is the function that takes control of the kernel
      (in case you need its address to set up your buffer)
     the other variables describe the exploit environment, so you can
     for instance, loop through a number of vulnerable socket domains
     until you detect ring0 execution has occurred.

   That's it!
*/

http://www.grsecurity.net/~spender/enlightenment.tgz
back: http://milw0rm.com/sploits/2009-enlightenment.tgz

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Sep 2009 00:00Current
7.1High risk
Vulners AI Score7.1
enlightenmentlinuxnull ptr dereferenceexploitframeworkmoduledescriptionprepare functiontrigger functionpost functionexploit statekernelexploit environmentsocket domainsexecutiongrsecuritymilw0rm
27