yuriicrimson / exploitgsm Goto Github PK

View Code? Open in Web Editor NEW

825.0 825.0 131.0 1.73 MB

Exploit for 6.4 - 6.5 kernels and another exploit for 5.15 - 6.5

License: MIT License

CMake 0.23% C 99.77%

exploitgsm's People

Contributors

Stargazers

Watchers

Forkers

merimomotaj spidy0x0 seahop alexmyczko passwa11 gmh5225 katurov neoncloud weedcookie jullyanolino xiaozhi1314 edd13mora niebelungen-d ashlq ipcjk apkunpacker lisieckir justjashu zha0 killvxk eblab nickhakkz staybeautiful-collab malinowy5 el-buku omansh-krishn jiuh-star pycabbage vaginessa mygituni cephurs fkadibs kaelworkstation oleksandr-1993 hackintoanetwork samanl33t infernalheaven lck0 markuspfundstein chf0x jafaribnmustaf nighsliv crackercat joe0x04 faqihsalban chunhualiu naterator dgh05t wingerbijay dummykitty range3 fandu2014 s1204it mastar3 minhnq1618 omichels vngkv123 rolek84k baidxi ntkscnzv shantanu561993 snowpiaoling node011 ajgappmark hktonylee mass1ve-err0r nullcult yeshuibo lycsqq day0xy 0x737 misterypoem pirenga lovedolove-forked-projects snehiptv eltociear kingbochen pourmoeziashkan pventuzelo hackintosch postil-z babixzbaby-vodhunter geraldgilbert1991 rightpop-j crayonupdatese insidelifel ox-softonal tonyonst-t adanceteen coolig8 sleeventi-d agriffondirty 78dekkolo confidesi-funnywitha gament7chattymp 18notesys readyna-o beeag80 rapsimple-spearoomt audiencheb

exploitgsm's Issues

Ubuntu HWE Kernel 6.5.0-27

Hey,

with your latest commits, the ExploitGSM6_5 compiles under Ubuntu 22.04 successfully. The exploit was successful with kernel package version 6.5.0-25 on my machine:

begin try leak startup_xen!
startup_xen leaked address -> ffffffffbc6933c0
text leaked address -> ffffffffba000000
lockdep_map_size -> 32
spinlock_t_size -> 4
mutex_size -> 32
tty port -> 376
tty buffhead -> 136
dead -> 524
waiting setconf dlci thread
Wait 3 sec for ending kernel work execution
We get root, spawn shell
To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

root@machine:/root# uname -a
Linux machine 6.5.0-25-generic #25~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Feb 20 16:09:15 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

The latest kernel package is 6.5.0-27 with Ubuntu 22.04 HWE version. If you adjust main.c to match kernel package version 6.5.0-27 the exploit can be executed. However, it just fails. Is the exploit limited to ubuntu 6.5.0-25 package and 6.5.0-27 is safe?

Is my proxmox vulnerable

hello I have multiples proxmox nodes running on 6.5.13-1-pve, 6.5.13-3-pve, 6.5.13-5-pve

Am I vulnerable to this exploit ?

Does this have a CVE yet ?

If you're interested in the process, it is documented in kernel and you can see it here:

https://lwn.net/ml/linux-kernel/2024021314-unwelcome-shrill-690e@gregkh/

Who is the original author?

https://github.com/jmpe4x/GSM_Linux_Kernel_LPE_Nday_Exploit/tree/main

This was pushed 3 weeks ago and the exploit is bar from a few lines identical. The writeup (after translation to english) is also a close copy of https://jmpeax.dev/The-tale-of-a-GSM-Kernel-LPE.html.

OffsetGenerator needs to be run as root

On at least stock Debian 12 and Ubuntu 22/23, the kallsym table only emits zero address values when called as unprivileged user. The easiest way to circumvent this is to run the OffsetGenerator as root. Since this needs to be called only once per kernel version (right?), this is not a huge issue - further versions of the PoC will most likely have a larger list of kernels/distros.
I'm not sure if this should be documented though.

error: field ‘config’ has incomplete type
  228 |     struct gsm_dlci_config config;
      |                            ^~~~~~
In file included from /usr/include/x86_64-linux-gnu/asm/ioctl.h:1,
                 from /usr/include/linux/ioctl.h:5,
                 from /usr/include/linux/gsmmux.h:6,
                 from /home/kronosplay/Desktop/ExploitGSM/ExploitGSM_6_5/main.c:7:
/home/kronosplay/Desktop/ExploitGSM/ExploitGSM_6_5/main.c: In function ‘thread_setconf_dlci’:
/home/kronosplay/Desktop/ExploitGSM/ExploitGSM_6_5/main.c:54:46: error: invalid application of ‘sizeof’ to incomplete type ‘struct gsm_dlci_config’
   54 | #define GSMIOC_SETCONF_DLCI     _IOW('G', 8, struct gsm_dlci_config)
      |                                              ^~~~~~
/home/kronosplay/Desktop/ExploitGSM/ExploitGSM_6_5/main.c:1137:42: note: in expansion of macro ‘GSMIOC_SETCONF_DLCI’
 1137 |     args->retval = ioctl(args->fd_input, GSMIOC_SETCONF_DLCI, &args->config);
      |                                          ^~~~~~~~~~~~~~~~~~~
/home/kronosplay/Desktop/ExploitGSM/ExploitGSM_6_5/main.c: In function ‘thread_getconf_dlci’:
/home/kronosplay/Desktop/ExploitGSM/ExploitGSM_6_5/main.c:53:47: error: invalid application of ‘sizeof’ to incomplete type ‘struct gsm_dlci_config’
   53 | #define GSMIOC_GETCONF_DLCI     _IOWR('G', 7, struct gsm_dlci_config)
      |                                               ^~~~~~
/home/kronosplay/Desktop/ExploitGSM/ExploitGSM_6_5/main.c:1146:42: note: in expansion of macro ‘GSMIOC_GETCONF_DLCI’
 1146 |     args->retval = ioctl(args->fd_input, GSMIOC_GETCONF_DLCI, &args->config);
      |                                          ^~~~~~~~~~~~~~~~~~~
gmake[2]: *** [CMakeFiles/ExploitGSM.dir/build.make:76: CMakeFiles/ExploitGSM.dir/main.c.o] Error 1
gmake[1]: *** [CMakeFiles/Makefile2:83: CMakeFiles/ExploitGSM.dir/all] Error 2

yuriicrimson / exploitgsm Goto Github PK

exploitgsm's People

Contributors

Stargazers

Watchers

Forkers

exploitgsm's Issues

Ubuntu HWE Kernel 6.5.0-27

Is my proxmox vulnerable

Does this have a CVE yet ?

Who is the original author?

OffsetGenerator needs to be run as root

未经授权披露专有漏洞 - 需要立即采取行动

CMake refuses to cooperate

Compile issue in ubuntu

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent