CVSSv3: 8.8

CVE-2017-5123

Published: 02/11/2021 Updated: 18/04/2022
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 8.8 | Impact Score: 6 | Exploitability Score: 2
VMScore: 477
CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was discovered that when the waitid() syscall was refactored in Linux kernel v4.13, it stopped checking that the incoming pointer argument pointed into userspace. A local attacker could therefore make the kernel write the waitid() result structure directly into kernel memory, which can lead to privilege escalation.
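The bug class is easier to see in a small model than in the kernel source. The following is an added example, not code from the page, the kernel, or any of the repositories listed below: it simulates a flat address space split at a TASK_SIZE boundary, a copy routine that performs no range check (standing in for the unsafe_put_user() fast path), and the access_ok()-style gate that the upstream fix restored in front of those writes. All names prefixed model_ are invented for the example, and the memory layout and the siginfo-like struct are constructed, not the real ones.

```c
/* Constructed model of the CVE-2017-5123 bug class: a syscall that writes a
 * result structure through a caller-supplied pointer. The address space,
 * the user/kernel boundary and access_ok() are all simulated; this is not
 * kernel code, and every model_* name is invented for this example. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated flat address space: 64 KiB, user half below MODEL_TASK_SIZE,
 * "kernel" half above it. */
#define MODEL_MEM_SIZE   (64u * 1024u)
#define MODEL_TASK_SIZE  (32u * 1024u)
static unsigned char model_mem[MODEL_MEM_SIZE];

/* Minimal stand-in for the siginfo that waitid() writes back to infop. */
struct model_siginfo {
    int si_signo;
    int si_code;
    int si_pid;
    int si_status;
};

/* Model of access_ok(VERIFY_WRITE, addr, size): the whole range must lie
 * below the user/kernel boundary and must not wrap around. */
static int model_access_ok(uint32_t addr, uint32_t size)
{
    if (size > MODEL_TASK_SIZE)
        return 0;
    if (addr > MODEL_TASK_SIZE - size)   /* overflow-safe end-of-range check */
        return 0;
    return 1;
}

/* Model of unsafe_put_user(): copies into the simulated memory with no
 * user/kernel range check, like the fast path after user_access_begin(). */
static int model_unsafe_put(uint32_t addr, const void *src, uint32_t size)
{
    if (size > MODEL_MEM_SIZE || addr > MODEL_MEM_SIZE - size)
        return -EFAULT;                  /* outside the simulation entirely */
    memcpy(&model_mem[addr], src, size);
    return 0;
}

/* 4.13 behaviour: the result lands wherever infop points, kernel half included. */
static int model_waitid_vulnerable(uint32_t infop, const struct model_siginfo *result)
{
    return model_unsafe_put(infop, result, sizeof(*result));
}

/* Fixed behaviour: the access_ok() gate is consulted before any write. */
static int model_waitid_fixed(uint32_t infop, const struct model_siginfo *result)
{
    if (!model_access_ok(infop, sizeof(*result)))
        return -EFAULT;
    return model_unsafe_put(infop, result, sizeof(*result));
}

/* Check helper: is the simulated kernel half still untouched (all zero)? */
static int model_kernel_half_is_clean(void)
{
    for (uint32_t i = MODEL_TASK_SIZE; i < MODEL_MEM_SIZE; i++)
        if (model_mem[i] != 0)
            return 0;
    return 1;
}

static void model_reset(void)
{
    memset(model_mem, 0, sizeof model_mem);
}

int main(void)
{
    /* Constructed result: SIGCHLD (17), CLD_EXITED (1), child pid 4242, status 0. */
    struct model_siginfo r = { 17, 1, 4242, 0 };
    uint32_t user_ptr   = 0x1000;                    /* ordinary user buffer */
    uint32_t kernel_ptr = MODEL_TASK_SIZE + 0x100;   /* address in the kernel half */

    model_reset();
    printf("vulnerable, kernel ptr: rc=%d kernel clean=%d\n",
           model_waitid_vulnerable(kernel_ptr, &r), model_kernel_half_is_clean());
    model_reset();
    printf("fixed, kernel ptr:      rc=%d kernel clean=%d\n",
           model_waitid_fixed(kernel_ptr, &r), model_kernel_half_is_clean());
    printf("fixed, user ptr:        rc=%d\n", model_waitid_fixed(user_ptr, &r));
    return 0;
}
```

The point of the model is that the copy routine itself is not the bug; it is meant to be fast and unchecked, and the only thing standing between a user-controlled pointer and a kernel write is the range check in front of it. Dropping that one line during a refactor turns a benign syscall into a write-what-where primitive, which is what the exploits listed further down build on.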


linux linux kernel

netapp cloud backup -

netapp h300s_firmware -

netapp h500s_firmware -

netapp h700s_firmware -

netapp h300e_firmware -

netapp h500e_firmware -

netapp h700e_firmware -

netapp h410s_firmware -

Vendor Advisories

Impact: Important | Public Date: 2017-10-12 | CWE: CWE-391 | Bugzilla: 1500094: CVE-2017-5123 kernel: Missing ...
It was discovered that when the waitid() syscall in Linux kernel v4.13 was refactored, it accidentally stopped checking that the incoming argument was pointing to userspace. This allowed local attackers to write directly to kernel memory, which could lead to privilege escalation ...

Exploits

#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/mman.h>
#include <string.h>
struct cred;
struct task_struct;
typedef struct cred *(*prepare_kernel_cred_t)(struct task_struct *daemon) __attribute__((regparm(3)));
t ...

// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13
// By Chris Salls (twitter.com/chris_salls)
// This exploit can be used to break out of sandboxes such as that in google chrome
// In this proof of concept we install the seccomp filter from chrome as well as a chroot,
// then break out of those and get root
// Bypasses ...

Github Repositories

PoC CVE-2017-5123 - LPE - Bypassing SMEP/SMAP. No KASLR

CVE-2017-5123 - PoC: LPE, bypassing SMEP/SMAP, no KASLR. The waitid implementation in upstream kernels did not restrict the destination to which it copied the result information. This can allow local users to write to otherwise protected kernel memory, which can lead to privilege escalation. Introduction: In this little writeup, I will analyze a kernel vulnerability that ...

Source code and configuration files related to our article in MISC96

Exploiting CVE-2017-5123. Introduction: This repository is a companion to the article published in MISC Magazine #96. We managed to elevate our privileges reliably on our virtual machine with SMEP/SMAP and KASLR enabled. Note, however, that the system is left in an unstable state and an oops is very likely to occur. Contents of this repository: In the ...

LPE on linux kernel based on CVE-2017-14954, CVE-2017-18344, CVE-2017-5123

This repo contains an old PoC that combines three CVEs (CVE-2017-14954, CVE-2017-18344, CVE-2017-5123). The PoC is a Local Privilege Escalation for Linux Kernel 4.13 (tested on Ubuntu). The exploit uses an info leak (CVE-2017-14954) to bypass KASLR, an arbitrary read (CVE-2017-18344) to read kernel memory looking for the struct cred of the user with uid 1000 (non-privileged), a ...

Resources for CloudNative security research

Cloud Native Security: Resources for Cloud Native Security Research, such as Docker, Kubernetes, etc. Pull requests welcome. Intro: 2021: "The Zero Trust Security Practice" by Kevin Chen - article, CN; 2020: "Cloud Native Security: Container Security Practice" by Pray3r - article, CN; Series of articles: Exploring Container Security by Google - articles; Kernel and ...

A list of kernel exploits / CVE POCs

kernel-POCs: A list of kernel exploits / CVE POCs. CVE-2017-5123

Exploit for the linux kernel vulnerability CVE-2017-5123

CVE-2017-5123: Exploit for the kernel vulnerability CVE-2017-5123. You can compile it with: gcc -static -Wall -Wextra -Werror -o cve20175123 CVE-2017-5123.c. If you want further explanation, I've written an article explaining how it works; you can find it here. This exploit is more reliable than the one previously published by hexpresso, but it's still not perfect: he won ...

CVE-2017-5123 Bug overview: The waitid system call in the Linux kernel did not validate the destination address it used. This may allow a local user to write into kernel memory, which can lead to privilege escalation on the device or ...

Collection of resources for my preparation to take the OSEE certification.

Resources: Collection of resources for my preparation to take the OSEE certification, based on the syllabus from Offensive Security. My review can be found here. Browser Exploitation - Safari/Chrome/Webkit: Exploiting a Safari information leak by Bruno Keith; Attacking Client-Side JIT Compilers by Samuel Groß; Exploiting Logic Bugs in JavaScript JIT Engines by Samuel ...

container-privilege-escalation: This repository has the sources and utilities required to exploit the CVE-2017-5123 vulnerability, which affected Linux kernel 4.13. A more detailed explanation of the exploit can be found on other websites such as and . We will use Ubuntu 16.04 for this exploit. Compile and install vulnerable Linux kernel: We need to first compile and install ...

Awesome Penetration Testing Tools: A collection of awesome lists for hackers, pentesters and security researchers. A curated list of awesome hacking tools. Contributions are always welcome! Awesome repos: Awesome Malware Analysis; Awesome ...

A curated list of awesome privilege escalation

Awesome Privilege Escalation: A curated list of awesome privilege escalation. Table of Contents: Linux: Escape restricted shells, SUDO and SUID, Capabilities, Tools, Find CVEs, NFS, Presentations. Windows: DLL Hijacking, Potato, Unquoted services with spaces, Groups.xml, NoFilter, Tools, Presentations. Linux and Windows: Docker, Tools, Presentations. Cloud: AWS, GCP. Linux: A guide to L...

Awesome list of resources related to container security

awesome-container-security: A collection of container related security resources. Sections: Image, Build, Management, Networking/Runtime, Security profiles, Exploits, Honeypots, Presentations/Posts. Image: Deepfence Runtime Threat Mapper - identify vulnerabilities in running containers, images, hosts and repositories; Dagda - static image analysis tool; Port Authority - open source ...

README. Note: The code in this repo is to demo the isolation of secure pod sandbox technologies such as Kata Containers and does not intend to attack any platforms. How to reproduce: Get Linux kernel 4.13.0; apply patch 0001-CVE-2017-5123-help-to-make-attack-safely.patch; build the Linux kernel with config Kconfig; boot the kernel and get the addresses of dac_mmap_min_addr, have_canfork_callback, p...

An ongoing & curated collection of awesome frameworks, and most important libraries, videos, learning tutorials , tools and and cool stuff about containers.

Microservices & Container Security. Welcome To The World of Containers: A collection of awesome software, libraries, documents, books, resources and cool stuff about Microservices & Container Security. Thanks to all contributors; you're awesome and this wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very ...

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about Privileged Access Management (PAM) in Cybersecurity.

Privileged Access Management (PAM): An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github repositories, technical guidelines and important resources about Privileged Access Management (PAM) in Cybersecurity. Thanks to all contributors; you're awesome and ...

Privilege Escalation

Privilege-Escalation: Privilege Escalation. Table of Contents: Linux: Escape restricted shells, SUDO and SUID, Capabilities, Tools, Find CVEs, NFS, Presentations. Windows: DLL Hijacking, Potato, Unquoted services with spaces, Groups.xml, NoFilter, Tools, Presentations. Linux and Windows: Docker, Tools, Presentations. Cloud: AWS, GCP. Linux: A guide to Linux Privilege Escalation by Rash...

linux kernel exploit

CVE-2017-5123: Linux privilege escalation exploiting the waitid syscall. The exploit is brought to you by @XeR_0x2A and @chaign_c from HexpressoTeam for educational purposes only. The bug was introduced on 2017-05-21 and fixed on 2017-10-09; 4.14.0-rc4+ is known vulnerable. If you have a beginner/intermediate exploit writer level, we encourage you to exploit it yourself before readi...