This is a playground for the Linux kernel exploitation experiments. Only basic methods. Just for fun.
Contents:
- drill_mod.c - a small Linux kernel module with nice vulnerabilities. You can interact with it via a simple procfs interface.
- drill.h - a header file describing the
drill_mod.kointerface. - drill_test.c - a test for
drill_mod.ko. It should also pass if the kernel is built withCONFIG_KASAN=y. - drill_exploit_uaf_callback.c - a basic use-after-free exploit invoking a callback in the freed
drill_item_tstruct.
N.B. Only basic exploit techniques here.
So compile your kernel with x86_64_defconfig and run it with pti=off nokaslr boot arguments.
Also don't forget to run qemu-system-x86_64 with -cpu qemu64,-smep,-smap.
License: GPL-3.0.
Have fun!
- At GitHub: https://github.com/a13xp0p0v/kernel-hack-drill
- At Codeberg: https://codeberg.org/a13xp0p0v/kernel-hack-drill (go there if something goes wrong with GitHub)
- At GitFlic: https://gitflic.ru/project/a13xp0p0v/kernel-hack-drill