Ret2Forever

Actions speak louder than words


Posts Tagged → kernel

Linux-Kernel-Exploit Stack Smashing

posted in Exploit, Kernel-exploit on 2018-02-26 by Tac1t0rnX 0 Comments

  • Bug
  • Poc
  • Exploit
    • System call mechanism
    • trap frame
    • debug
  • Mitigate
  • References

The principle of a kernel stack overflow is the same as that of a user-mode stack overflow: we can use it to hijack control flow and escalate privileges in Ring 0.


Linux-Kernel-Exploit NULL dereference

posted in Exploit, Kernel-exploit on 2018-02-22 by Tac1t0rnX 0 Comments

  • Bug
  • Poc
  • Exp
  • Mitigate
  • References


Linux-Kernel-Exploit Stack Smashing

posted in Kernel-exploit on 2018-02-15 by Tac1t0rnX 0 Comments

  • Bug
  • Poc
  • Exploit
    • System call mechanism
    • trap frame
    • debug
  • Mitigate
  • References

The principle of a kernel stack overflow is the same as that of a user-mode stack overflow: we can use it to hijack control flow and escalate privileges in Ring 0.


Linux Kernel Exploit Environment

posted in Exploit, Kernel-exploit on 2018-02-15 by Tac1t0rnX 0 Comments

  • Qemu
  • Compiling the Linux kernel
  • Compiling busy-box
  • Starting Qemu
  • Final configuration
  • References

Environment configuration:

  • Host: Mac OS X
  • Virtual machine: Ubuntu 12.04 x86
  • qemu
  • linux-2.6.32
  • busybox 1.19.4


By Tac1t0rnX