https://github.com/echo-devim/exploit_linux_kernel4.13
LPE on linux kernel based on CVE-2017-14954, CVE-2017-18344, CVE-2017-5123
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/echo-devim/exploit_linux_kernel4.13
- Owner: echo-devim
- Created: 2022-03-11T12:54:10.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-03-11T13:06:49.000Z (almost 4 years ago)
- Last Synced: 2025-02-10T08:12:31.213Z (10 months ago)
- Language: C
- Size: 4.88 KB
- Stars: 1
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
This repo contains an old PoC that combines three CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123).
The PoC is a Local Privilege Escalation for Linux Kernel 4.13 (tested on Ubuntu).
The exploit uses an info leak (CVE-2017-14954) to bypass KASLR, an arbitrary read (CVE-2017-18344) to scan kernel memory for the `struct cred` of the unprivileged user with uid 1000, and the buggy `waitid` system call (CVE-2017-5123) to overwrite that uid value with 0 (root).
I'm not the original author of the three exploits; I just combined them as an exercise.