Repo for the FUZE project. I will also publish some Linux kernel LPE exploits for various real-world kernel vulnerabilities here. The samples are uploaded for educational purposes for red and blue teams.

Overview

Linux_kernel_exploits

Some Linux kernel exploits for various real world kernel vulnerabilities here. More exploits are yet to come.

This repo contains the exploits developed during a research project, as well as the code of FUZE to facilitate exploit generation.

What is FUZE

FUZE is a framework to facilitate Linux kernel exploitation. Here is the basic idea of how it works:

  1. Critical information extraction: we need to understand both the spatial and temporal metadata of the vulnerability.
  2. Under-context kernel fuzzing: find sensitive operations over the vulnerable object, e.g. dereferencing a dangling pointer.
  3. Partial symbolic execution: after finding the dereference site of the vulnerable object, we start execution right before the dereference site and set the values in the vulnerable object that we can control as symbolic bytes.
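As an added illustration of step 1 (not code from the FUZE repository): assuming the spatial and temporal metadata is read from a KASAN use-after-free report, which the page does not state beyond listing KASAN as a dependency, this parser extracts the object, cache and offset (spatial) and the allocation, free and use sites (temporal). The report text and every name in it are constructed.

```python
import re

# Constructed sample in the layout KASAN prints for a slab use-after-free;
# function names, addresses and the task are invented for illustration.
SAMPLE_REPORT = """\
BUG: KASAN: use-after-free in demo_read+0x4c/0x90
Read of size 8 at addr ffff8800359c1e40 by task poc/2345

Call Trace:
 kasan_report+0x254/0x370
 demo_read+0x4c/0x90

Allocated by task 2345:
 kmem_cache_alloc_trace+0xfb/0x270
 demo_open+0x31/0x80

Freed by task 2345:
 kfree+0x8d/0x1a0
 demo_release+0x22/0x40

The buggy address belongs to the object at ffff8800359c1e00
 which belongs to the cache kmalloc-128 of size 128
"""

FRAME = re.compile(r"^\s+(\w+)\+0x[0-9a-f]+/0x[0-9a-f]+", re.M)

def stack_frames(report, header):
    """Return the function names of the indented stack that follows `header`."""
    m = re.search(header + r".*\n((?:[ \t]+\S.*\n)+)", report)
    return FRAME.findall(m.group(1)) if m else []

def parse_kasan_uaf(report):
    """Extract spatial (object, cache, offset) and temporal (alloc, free, use) facts."""
    # Newer kernels label the same bug class "slab-use-after-free".
    bug = re.search(r"BUG: KASAN: (?:slab-)?use-after-free in (\w+)\+", report)
    acc = re.search(r"(Read|Write) of size (\d+) at addr ([0-9a-f]+)", report)
    obj = re.search(r"belongs to the object at ([0-9a-f]+)\n\s*which belongs to "
                    r"the cache (\S+) of size (\d+)", report)
    if not (bug and acc and obj):
        raise ValueError("not a KASAN slab use-after-free report")
    addr, base = int(acc.group(3), 16), int(obj.group(1), 16)
    return {
        "use_site": bug.group(1), "access": acc.group(1).lower(),
        "access_size": int(acc.group(2)), "offset": addr - base,
        "cache": obj.group(2), "object_size": int(obj.group(3)),
        "alloc_stack": stack_frames(report, r"Allocated by task \d+:"),
        "free_stack": stack_frames(report, r"Freed by task \d+:"),
    }
```
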

Dependency

angr, qemu-system-x86_64, ROPGadget, pwntools, GDB, gef, capstone, KASAN, ftrace

Install

To install FUZE, run the following commands:

git clone https://github.com/ww9210/Linux_kernel_exploits
cd Linux_kernel_exploits
python setup.py install --user

Documentation

TODO. For now, you can browse the code under fuze/test.

Publication

For more details about facilitating Linux kernel exploits, please refer to our USENIX paper:

@inproceedings{wu18fuze,
  title={FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities},
  author={Wu, Wei and Chen, Yueqi and Xu, Jun and Xing, Xinyu and Gong, Xiaorui and Zou, Wei},
  booktitle={27th USENIX Security Symposium (USENIX Security 18)},
  organization={USENIX Association}
}

If this repo is of help to your research, we would really appreciate you citing the above paper.

Comments
  • ImportError: No module named neo4j_interace

    When I was trying to import concolicexecutor, it shows:

    ImportError: No module named neo4j_interace

    What is that package called neo4j_interace? I could not find it :( Sorry to disturb.

    opened by Lightninghkm 2
  • Questions about the exploitation of the CVE-2017-17053

    Hello, I would like to ask you about the exploit of CVE-2017-17053.

    I ran the exp for one night, but it still didn't stop, so I didn't analyze the exploit process through debugging.

    I read the code of exp, and compared to PoC, the ccid_alloc function seems to play an important role. I guess it wants to reuse the ldt_struct structure by allocating sockets. But the size of ldt_struct is 0x10, and a heap chunk of size 0x40 will be allocated in sock_alloc, which seems to be unusable (Maybe I got it wrong). In addition, I have not seen the operation of writing malicious data to the chunk, so I want to know how the control flow is hijacked.

    In summary, for CVE-2017-17053, I would like to ask:

    1. When will the ldt_struct structure be reused?
    2. When was the control flow hijacked?

    Looking forward to your answer, thank you!

    opened by 0xdd96 1
  • Could you please release the dataflowanalyzer in python2

    Hi, as titled, since it is a really essential part of this framework, could you please release the dataflowanalyzer in python2 first? Thank you very much!

    opened by Lightninghkm 0
Owner
Wei Wu
Visiting Researcher @ Penn State PhD Candidate @ University of Chinese Academy of Sciences. Pwner @ Team NeSE.