# Linux Kernel Exploitation

Linux kernel module implementation & exploitation (pwn) labs. Repository: https://github.com/yuawn/Linux-Kernel-Exploitation (C; topics: ctf, kernel, kernel-exploitation, linux, linux-kernel, privilege-escalation, pwn, pwnable, security).

Slide: [speakerdeck.com/yuawn/kernel-exploitation](https://speakerdeck.com/yuawn/kernel-exploitation)

## Linux kernel exploitation techniques
- ret2user
    - status switch (save user `cs`, `ss`, `rsp` and `rflags` before entering the kernel; restore them with `swapgs; iretq` after `commit_creds(prepare_kernel_cred(0))`)
- modify cr4 register
    - bypass smep (clear CR4 bit 20)
    - bypass smap (clear CR4 bit 21)
- kpti
    - fix cr3 register (switch back to the user page tables before returning to ring 3)
    - swapgs_restore_regs_and_return_to_usermode()
- kernel information leak
    - useful kernel structure for UAF
- modprobe_path
- userfaultfd
    - race condition
- setxattr
    - setxattr + userfaultfd
- msg_msg
- signal handler


## Prepare files needed to compile kernel module
Only the headers and build scripts are needed to build the lab modules, so `modules_prepare` is enough here; a full kernel build is in the next section.
```sh
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.1.tar.xz
tar Jxvf linux-5.10.1.tar.xz
cp .config linux-5.10.1   # the .config shipped in this repository
cd linux-5.10.1
make menuconfig           # load .config, then save and exit
make modules_prepare
```

## Compile linux kernel
```sh
sudo apt-get install build-essential libncurses-dev bison flex libssl-dev libelf-dev
wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.1.tar.xz
tar Jxvf linux-5.10.1.tar.xz
cp .config linux-5.10.1   # the .config shipped in this repository
cd linux-5.10.1
make menuconfig           # load .config, then save and exit
make -j $(nproc)          # produces arch/x86/boot/bzImage
```

## busybox
```sh
wget https://busybox.net/downloads/busybox-1.32.0.tar.bz2
tar jxvf busybox-1.32.0.tar.bz2
cd busybox-1.32.0
mkdir build
export BUSYBOX_BUILD=$(pwd)/build
make O=$BUSYBOX_BUILD defconfig
make O=$BUSYBOX_BUILD menuconfig # Settings -> Build Options: enable "Build static binary (no shared libs)"
cd $BUSYBOX_BUILD
make -j 4
make install -j 4                # installs into $BUSYBOX_BUILD/_install
```

## initramfs
```sh
mkdir rootfs
cd rootfs
mkdir -pv {bin,sbin,etc,proc,dev,tmp,sys,usr/{bin,sbin}}
cp -r $BUSYBOX_BUILD/_install/* .
vim init # Create init file
```
- Some files
    - /etc/passwd
    - /home/user
    - /flag

The `init` script is what the kernel executes as PID 1, so it has to mount `/proc`, `/sys` and `/dev`, load the lab module and drop to an unprivileged shell; the rootfs directory is then packed into a gzipped cpio archive (newc format) and booted with QEMU together with the compiled `bzImage`.