Skip to content
/ linux-kernel-exploits Public
forked from kkamagui/linux-kernel-exploits

Linux kernel exploits for local privilege escalation

License

GPL-2.0 license
1 star 27 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mosaa404/linux-kernel-exploits

BranchesTags
 
 

Repository files navigation

Linux kernel exploits for local privilege escalation

Background

It is hard to find Linux kernel exploits and local privilege escalation exploits are rarely found. Fortunately, exploit-db has all kinds of exploits including the local privilege escalation (thank you exploit-db!). However, it is hard to test them because of the nature of the exploit.

For this reason, I set up an environment with Ubuntu 16.04.01 and tested local privilege escalation exploits of exploit-db. The working exploits are shown below (the list will be updated continuously).

No CVE ID and Exploit Kernel Version
1 CVE-2016-4557 kernel-4.4.0-21-generic
2 CVE-2016-5195 kernel-4.4.0-21-generic, 4.4.0-31-generic
3 CVE-2016-8655 kernel-4.4.0-21-generic
4 CVE-2017-6074 kernel-4.4.0-21-generic
5 CVE-2017-7308 kernel-4.8.0-41-generic
6 CVE-2017-1000112 kernel-4.8.0-58-generic
7 CVE-2017-16995 kernel-4.10.0-28-generic

Disclaimer

The exploits are not stable. They can corrupt your system and you need to disable some kernel protection features for testing them. For this reason, I strongly recommend a virtual machine environment to you.

How to use

Install Ubuntu 16.04.01 version and clone the project.

# Clone the repository
$> git clone https://github.com/kkamagui/linux-kernel-exploits.git

Install the specific kernel version for exploits and disable kernel protection feature.

# Install the kernel to test exploits. ex) kernel-4.4.0-21-generic for CVE-2016-4557
$> sudo apt update 
$> sudo apt install linux-image-4.4.0-21-generic
$> sudo apt install linux-image-extras-4.4.0-21-generic

# Add "nosmap nosmep nokaslr" to disable kernel protection feature and disable GRUB_HIDDEN_TIMEOUT to choose a specific kernel
$> sudo vi /etc/default/grub
...
#GRUB_HIDDEN_TIMEOUT=0
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash nosmap nosmep nokaslr"

# Update GRUB and reboot
$> sudo update-grub
$> reboot

Boot and choose the specific kernel and compile exploits.

Recommend recompiling every time to clean up.

# ex) CVE-2016-4557 for testing
$> cd linux-kernel-exploits/kernel-4.4.0-21-generic/CVE-2016-4557
$> ./compile.sh

# Run the exploit
$> ./CVE-2016-4557
.......
got root!
$root> id
uid=0(root) gid=0(root) groups=0(root)

Contributions

Your contributions are always welcome! If you have nice exploits, please share them with others.

About

Linux kernel exploits for local privilege escalation

Resources

Readme

License

GPL-2.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 99.3%
  • Shell 0.7%