shekkbuilder / stackjacking
This project forked from jonoberheide/stackjacking
PoC code for our presentation titled "Stackjacking Your Way to grsec/PaX Bypass"
Home Page: http://jon.oberheide.org
/****************************************************************************
 * Stackjacking:
 * A grsecurity/PaX exploit framework
 *
 * As demonstrated at Hackito Ergo Sum and Immunity INFILTRATE, April 2011
 *
 * Dan Rosenberg ([email protected])
 * Jon Oberheide ([email protected])
 ***************************************************************************/

Congratulations on reading the README. Your prize is actually understanding what this code is, and what it isn't.

There are no 0-days to be found here. What's included is a framework that we used to exploit a grsecurity-hardened Linux kernel given the existence of an arbitrary kernel write and the leakage of uninitialized structure members from a process' kernel stack.

To be clear, this attack vector is completely unnecessary when exploiting a vanilla Linux kernel, since an arbitrary write is more than sufficient to get root, given the vast amount of useful targeting information Linux gives out via /proc, etc. Likewise, the information leakage performed by libkstack is also unnecessary on vanilla, since there are much easier ways of getting this information.

However, due to GRKERNSEC_HIDESYM, which aims to make the kernel a black box for attackers by removing all known sources of information leakage, and PAX_KERNEXEC, which makes global data structures with known locations (such as the IDT) read-only, some hoops need to be jumped through in order to actually find a good target for a kernel write vulnerability.

The specific attack vectors that we used during the presentation have since been mitigated by moving the thread_info struct off the kernel stack and by implementing kernel stack entry point randomization for 64-bit platforms. This code is being released because people asked for it and because pieces of it, especially libkstack, may be useful for future exploits.

If you'd like to use this, you'll need to plug in an arbitrary kernel write into the kernel_write() function in util.c, and a kernel stack leak into leak_bytes() in leak.c. A sample suitable leak can be found in the examples/ directory. To build the exploit, just run "make".

For details on the techniques used and the implementation, see the comments in the source code.

TODO:
- Detection of 4K vs. 8K kernel stacks (mostly done)
- Support for partial (smaller than word) leaks (done, omitted for ease of use)