Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vm.mmap_min_addr = 65535 #2

Open
pavlinux opened this issue Oct 23, 2017 · 1 comment
Open

vm.mmap_min_addr = 65535 #2

pavlinux opened this issue Oct 23, 2017 · 1 comment

Comments

@pavlinux
Copy link

pavlinux commented Oct 23, 2017
edited
Loading

default kernels vm.mmap_min_addr = 65535

vm.mmap_min_addr = 65535
./exploit 0xffffffff81f3f45a
/ # su tutu
/ $ ./exploit 0xffffffff81f3f45a
[+] Find prepare_kernel_cred...
[+] Found prepare_kernel_cred at ffffffff810753d0
[+] Find commit_creds...
[+] Found commit_creds at ffffffff81075050
[+] Try to allocat 0x00000000...
[-] Failed to allocat 0x00000000
/ $ id
uid=1001(tutu) gid=1001(tutu) groups=1001(tutu)
/ $

Ooops
@iddq
Copy link

iddq commented Jan 24, 2018
edited
Loading

I tried it with vm.mmap_min_addr = 0 with no success

user1@debian:~$ uname -a
Linux debian 4.9.30 #7 SMP Wed Jan 10 22:35:50 CET 2018 x86_64 GNU/Linux
user1@debian:~$ ./exploit_null_ptr_deref 0xffffffff9d600000
[+] Find prepare_kernel_cred...
[+] Found prepare_kernel_cred at ffffffff9d698bf0
[+] Find commit_creds...
[+] Found commit_creds at ffffffff9d698880
[+] Try to allocat 0x00000000...
[+] Allocation success !
fork_ret = 4821
[-] failed to get root shell :(
user1@debian:~$ fork_ret = 0
user1@debian:~$ id
uid=1004(user1) gid=1004(user1) groups=1004(user1)
user1@debian:~$ 
user1@debian:~$

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pavlinux @iddq