Ecosyste.ms: Awesome
https://github.com/ww9210/linux_kernel_exploits
Repo for FUZE project. I will also publish some Linux kernel LPE exploits for various real world kernel vulnerabilities here. The samples are uploaded for education purposes for red and blue teams.
- Host: GitHub
- URL: https://github.com/ww9210/linux_kernel_exploits
- Owner: ww9210
- License: mit
- Created: 2018-03-13T23:47:22.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2018-09-07T00:02:48.000Z (about 6 years ago)
- Last Synced: 2024-08-03T20:03:48.629Z (3 months ago)
- Language: C
- Homepage:
- Size: 11.6 MB
- Stars: 490
- Watchers: 45
- Forks: 112
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Linux_kernel_exploits
Some Linux kernel exploits for various real world kernel vulnerabilities are collected here. More exploits are yet to come. This repo contains the exploits developed during a research project, as well as the code of FUZE to facilitate exploit generation.
## What is FUZE
FUZE is a framework to facilitate Linux kernel exploitation. Here is the basic idea of how it works:

1. **Critical information extraction**: we need to understand both the spatial and temporal metadata of the vulnerability (which object is freed, where, and when).
2. **Under-context kernel fuzzing**: find sensitive operations over the vulnerable object, e.g. dereferencing a dangling pointer.
3. **Partial symbolic execution**: after finding the dereference site of the vulnerable object, we start execution right before the dereference site and set the bytes in the vulnerable object that can be controlled by us as symbolic bytes.

## Dependency
angr, qemu-system-x86_64, ROPGadget, pwntools, GDB, gef, capstone, KASAN, ftrace

## Install
To install FUZE, run the following commands:
```
git clone https://github.com/ww9210/Linux_kernel_exploits
cd Linux_kernel_exploits
python setup.py install --user
```

## Documentation
TODO here; currently you can browse the code under fuze/test.

## Publication
For more details about facilitating Linux kernel exploits, please refer to our USENIX paper:
```
@inproceedings{wu18fuze,
title={FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities},
author={Wu, Wei and Chen, Yueqi and Xu, Jun and Xing, Xinyu and Gong, Xiaorui and Zou, Wei},
booktitle={27th USENIX Security Symposium (USENIX Security 18)},
organization={USENIX Association}
}
```
If this repo is of help to your research, we would really appreciate you citing the above paper.