Kernel Exploitation


Software Exploitation

You've taken your first steps into kernel exploitation with Kernel Security.

Are you ready to kick your knowledge up a notch to understand how real-world Linux kernel exploitation is done?

This module will provide you with the guide that you need to become an expert in Linux kernel exploitation.

Note 1: this module does not currently have recordings. Proceed at your own risk.

Note 2: this is a kernel exploitation module, and requires you to run vm connect to drop into the virtual machine where the challenge is running. You can get logs using vm logs and (in Practice Mode) debug the kernel using vm debug.

Note 3: for technical reasons, we had to disable virtualization on this module. The VM will be slow --- consider doing heavy tasks like compiling in the normal workspace (e.g., in a terminal where you have not done vm connect).


Lectures and Reading


Challenges

get the hang of how the Linux kernel heap works with no protection-ish, have fun!

time to try some "real(tm)" kernel exploitation (randomized freelist) with no "win" functions!

well, real-world kernels have this weird KASLR thingy

how do you exploit the kernel with no function pointers?

alright, can you pwn it with "HARDENED" freelist?

now, we are working on "real" linux kernel heap!

msg the kernel for the win!

no more USERCOPY, what now?


Ranking

This scoreboard reflects solves for challenges in this module after the module launched in this dojo.

Rank Hacker Badges Score