spencerdodd / kernelpop
kernel privilege escalation enumeration and exploitation framework
https://github.com/bcoles/kernel-exploits/blob/master/CVE-2017-1000112/poc.c
I'm maintaining an updated exploit in the cve-2017-1000112 branch of my fork of xairy's exploit.
I've added new offsets, new KASLR bypasses, support for other Ubuntu-based Linux distros (such as Linux Mint), and networking support for post-exploitation.
The help (./kernelpop.py --help) says to use --dump for json...it is actually --digest
It would be fantastic if you could pass uname -a as a command line argument. Like this:
python3 ./kernelpop.py -u "Linux kali 4.14.0-kali3-amd64 #1 SMP Debian 4.14.17-1kali1 (2018-02-16) x86_64 GNU/Linux"
That would allow for use of your script in other script automation that we do while Red Teaming.
root@kali:/opt/kernelpop# ls
constants.py exploits img kernelpop.py playground README.md src test
root@kali:/opt/kernelpop# python kernelpop.py
##########################
##########################
[+] underlying os identified as a linux variant
[+] kernel Linux-4.13.0-kali1-amd64-x86_64-with-Kali-kali-rolling-kali-rolling identified as:
type: linux
distro: unknown
version: 4.13-1
architecture: x86_64
[*] matching kernel to known exploits
Traceback (most recent call last):
File "kernelpop.py", line 17, in <module>
main()
File "kernelpop.py", line 7, in main
kernelpop()
File "/opt/kernelpop/src/kernelpop.py", line 377, in kernelpop
identified_exploits = find_exploit_locally(kernel_v)
File "/opt/kernelpop/src/kernelpop.py", line 261, in find_exploit_locally
exploit_instance = exploit_module()
File "/opt/kernelpop/exploits/linux/CVE20160728.py", line 10, in __init__
super().__init__()
TypeError: super() takes at least 1 argument (0 given)
root@kali:/opt/kernelpop# uname -a
Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-2kali1 (2017-10-16) x86_64 GNU/Linux
Would you be interested in @giladoved and I adding the Huge Dirty Cow PoC, which causes many running and future programs to crash, to kernelpop?
https://github.com/bcoles/kernel-exploits/blob/master/CVE-2017-7308/poc.c
I'm maintaining an updated exploit in the cve-2017-7308 branch of my fork of xairy's exploit.
I've added new offsets, new KASLR bypasses, additional pre-exploitation checks, and networking support for post-exploitation.
./kernelpop.py -e
from: can't read /var/mail/src.kernelpop
from: can't read /var/mail/constants
./kernelpop.py: line 6: syntax error near unexpected token `('
./kernelpop.py: line 6: `def main():'
I think the issue is here:
File "/opt/kernelpop/src/kernelpop.py", line 163, in process_kernel_version
k_release = int(kernel_version.split("-")[2])
Please note that for the string "4.13.0-kali1-amd64", the kernel_version.split("-")[2] is "kali1" which cannot be cast to an int.
Please see the commands run below:
root@kali:/opt# git clone https://github.com/spencerdodd/kernelpop.git
Cloning into 'kernelpop'...
remote: Counting objects: 468, done.
remote: Compressing objects: 100% (164/164), done.
remote: Total 468 (delta 305), reused 465 (delta 302), pack-reused 0
Receiving objects: 100% (468/468), 5.62 MiB | 2.51 MiB/s, done.
Resolving deltas: 100% (305/305), done.
root@kali:/opt# cd kernelpop/
root@kali:/opt/kernelpop# ls
constants.py exploits img kernelpop.py playground README.md src test
root@kali:/opt/kernelpop# python3 kernelpop.py
##########################
##########################
[+] underlying os identified as a linux variant
Traceback (most recent call last):
File "kernelpop.py", line 17, in <module>
main()
File "kernelpop.py", line 7, in main
kernelpop()
File "/opt/kernelpop/src/kernelpop.py", line 362, in kernelpop
kernel_v = get_kernel_version()
File "/opt/kernelpop/src/kernelpop.py", line 207, in get_kernel_version
return Kernel(kernel_version["normal"])
File "/opt/kernelpop/src/kernelpop.py", line 15, in __init__
self.release, self.architecture, self.uname = self.process_kernel_version(kernel_version, uname=uname)
File "/opt/kernelpop/src/kernelpop.py", line 163, in process_kernel_version
k_release = int(kernel_version.split("-")[2])
ValueError: invalid literal for int() with base 10: 'kali1'
root@kali:/opt/kernelpop# uname -a
Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-2kali1 (2017-10-16) x86_64 GNU/Linux
root@kali:/opt/kernelpop#
python3 kernelpop.py
##########################
##########################
[+] underlying os identified as a linux variant
Traceback (most recent call last):
File "kernelpop.py", line 30, in <module>
main()
File "kernelpop.py", line 10, in main
kernelpop()
File "/tmp/kernelpop/src/kernelpop.py", line 489, in kernelpop
kernel_v = get_kernel_version()
File "/tmp/kernelpop/src/kernelpop.py", line 260, in get_kernel_version
return Kernel(kernel_version["normal"])
File "/tmp/kernelpop/src/kernelpop.py", line 15, in __init__
self.release, self.architecture, self.uname = self.process_kernel_version(kernel_version, uname=uname)
File "/tmp/kernelpop/src/kernelpop.py", line 185, in process_kernel_version
k_release = int(kernel_version.split("-")[2].replace("kali", ""))
ValueError: invalid literal for int() with base 10: 'rc7+'
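Both tracebacks above fail in the same place: `process_kernel_version` assumes that the third `-`-separated field of the release string is an integer, which breaks on Kali's "kali1" and on a release-candidate tag like "rc7+". The parser below is an added illustration, not kernelpop's own code, of how an enumeration tool can tolerate those tails: it takes the numeric triple from the front of the release string and treats everything after it as optional tags (rc number, architecture, distro flavour). It also accepts a full `uname -a` line, which covers the earlier request to pass that string on the command line. The Kali and `uname -a` inputs are taken from the reports on this page; the "4.15.0-rc7+", Ubuntu and CentOS-style release strings are constructed samples.

```python
"""Tolerant parser for Linux kernel release strings and `uname -a` output (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Leading "major.minor[.patch]" followed by an arbitrary tail such as
# "-kali1-amd64", "-rc7+", "-43-generic", "-862.el7.x86_64" or nothing at all.
_RELEASE_RE = re.compile(r"^(?P<major>\d+)\.(?P<minor>\d+)(?:\.(?P<patch>\d+))?(?P<tail>.*)$")
# Release-candidate tag; the trailing "+" means "built from a dirty tree".
_RC_RE = re.compile(r"^rc(?P<n>\d+)\+?$")
# Architecture names that commonly appear inside release strings or at the end of `uname -a`.
_KNOWN_ARCHES = {"x86_64", "amd64", "i686", "i386", "aarch64", "arm64", "armv7l", "armhf"}


@dataclass
class KernelRelease:
    major: int
    minor: int
    patch: int
    rc: Optional[int]                 # release-candidate number, e.g. 7 for "rc7+"
    architecture: Optional[str]       # e.g. "amd64" or "x86_64"; None if not present
    flavour: List[str] = field(default_factory=list)  # leftover tags, e.g. ["kali1"] or ["862", "el7"]
    raw: str = ""

    def version_tuple(self) -> Tuple[int, int, int, int]:
        # An rc kernel sorts before the final release of the same triple.
        return (self.major, self.minor, self.patch, self.rc if self.rc is not None else 10**6)

    def at_least(self, major: int, minor: int, patch: int = 0) -> bool:
        """True if this kernel is the given final release or newer (useful for patch-level checks)."""
        return self.version_tuple() >= (major, minor, patch, 10**6)


def parse_release(release: str) -> KernelRelease:
    """Parse the `uname -r` style release string without assuming any field is numeric."""
    m = _RELEASE_RE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised kernel release string: {release!r}")
    major, minor = int(m["major"]), int(m["minor"])
    patch = int(m["patch"]) if m["patch"] else 0
    rc, arch, flavour = None, None, []
    # Split the tail on both "-" and "." so Debian-style ("-kali1-amd64") and
    # RHEL-style ("-862.el7.x86_64") tags are handled the same way.
    for token in filter(None, re.split(r"[-.]", m["tail"])):
        rc_match = _RC_RE.match(token)
        if rc_match:
            rc = int(rc_match["n"])
        elif token in _KNOWN_ARCHES:
            arch = token
        else:
            flavour.append(token)
    return KernelRelease(major, minor, patch, rc, arch, flavour, release)


def parse_uname(uname_a: str) -> KernelRelease:
    """Parse a full `uname -a` line; the release is field 3, the machine type sits near the end."""
    fields = uname_a.split()
    if len(fields) < 3 or fields[0] != "Linux":
        raise ValueError(f"not a Linux `uname -a` line: {uname_a!r}")
    rel = parse_release(fields[2])
    if rel.architecture is None:
        # Fall back to the hardware name printed by `uname -a` when the release string lacks one.
        rel.architecture = next((f for f in reversed(fields) if f in _KNOWN_ARCHES), None)
    return rel


if __name__ == "__main__":
    samples = [
        "4.13.0-kali1-amd64",        # from the Kali report above
        "4.15.0-rc7+",               # constructed: release-candidate tag like the 'rc7+' failure
        "4.4.0-43-generic",          # constructed: Ubuntu-style numeric ABI field
        "3.10.0-862.el7.x86_64",     # constructed: CentOS 7 style
    ]
    for s in samples:
        r = parse_release(s)
        print(f"{s:24} -> {r.major}.{r.minor}.{r.patch} rc={r.rc} arch={r.architecture} flavour={r.flavour}")
    u = parse_uname("Linux kali 4.13.0-kali1-amd64 #1 SMP Debian 4.13.4-2kali1 (2017-10-16) x86_64 GNU/Linux")
    print(f"uname -a -> {u.major}.{u.minor}.{u.patch} arch={u.architecture} at_least(4,13)={u.at_least(4, 13)}")
```

Keeping the raw tail tokens in `flavour` rather than discarding them matters for a tool like this: distribution kernels backport fixes without bumping the upstream triple, so "4.13.0-kali1" and an upstream 4.13.0 can differ in patch status, and the tag is the only hint the version string gives.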
Since kernelpop is written with python3, how is it supposed to work on redhat/centos distributions? e.g. CentOS 6.3
Looks like py2installer is the only way around?