This repository provides the assets used in the SecurityCamp2023 lecture "C2 手を動かして理解するLinux Kernel Exploit".
At Security Camp 2023, organized mainly by IPA, we learned the basics of userland/kernel exploitation.
This repository hosts all the assets used during the lecture I had.
This lecture was centered on CVE-2021-41073, an io_uring type confusion bug.
We built exploits step by step, extending our primitives starting from a simple UAF.
- /src: Challenges for the lecture. Each challenge has UNIMPLEMENTED code that you need to implement.
- /answer: Answers for the challenges. You can use this as a reference.
- /nirugiri: Utility script for kernel exploit.
You can get the assets from the GitHub Release page.
- dist.tar.gz: Set of challenges and answers.
- vmlinux.tar.gz: vmlinux with debug symbols of kernel v5.14 with io_uring bug.
- seccamp23c2-slide.pdf: Slide for the lecture.
  - Written in Japanese.
  - Note that this slide simplifies some descriptions for simplicity. If you find any mistakes, contact me.
We also used P3LAND as prior learning material.
The final exploit strategy has low reliability. To stabilize the exploit, refer to the lecture slide.
To improve, fix, or ask questions about the contents, contact me (@smallkirby) by sending a DM, mentioning me on Twitter, or filing an issue on GitHub.
List of writeups I found. If you built your own exploit, please let me know :)
- Exploit by @robbert1978: improve stability by ROP
This lecture was made possible by the contribution of TSG members.