Skip to content
/ kernelpop Public
forked from spencerdodd/kernelpop

kernel privilege escalation enumeration and exploitation framework

0 stars 131 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PhantasmLab/kernelpop

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

73 Commits
exploits
exploits
 
 
img
img
 
 
playground
playground
 
 
src
src
 
 
test
test
 
 
README.md
README.md
 
 
constants.py
constants.py
 
 
kernelpop.py
kernelpop.py
 
 

Repository files navigation

kernelpop

NOTE:

Since it seems like this project is getting some clones / views, I should say this is a work in progress. While the linux enumeration is functional, I haven't fully implemented the Windows and Mac functionality. The next steps in order of priority are:

  • add windows functionality

  • add more exploits

  • add mac functionality

I'm taking class and working fulltime so getting programming time is sporadic, but I will try to get as many contribs in as I can. Thanks!

kernelpop is a framework for performing automated kernel exploit enumeration on Linux, Mac, and Windows hosts.

old-kernel

requirements

python3

currently supported CVE's:

*CVE-2017-1000367

*CVE-2017-1000112

*CVE-2017-7308

*CVE-2017-6074

*CVE-2017-5123

*CVE-2016-5195

*CVE-2016-2384

*CVE-2016-0728

*CVE-2015-7547

*CVE-2015-1328

*CVE-2014-4699

*CVE-2014-4014

*CVE-2014-3153

*CVE-2014-0196

*CVE-2009-1185

run modes

default mode

The default mode runs with the command python3 kernelpop.py. This processes information about the host kernel and compares it to the known kernel exploits available to the program. It then outputs a list of potentially useful vulnerabilities and attached exploits.

default-mode

brute-enumeration mode

The brute-enumeration mode performs the same checks, but then goes beyond and checks the computer for exploit prerequisites to see if the operating system is set up in the required vulnerable state for successful exploitation.

brute-mode

input mode

The input mode allows you to perform enumeration with just the output of a uname -a command, which makes it useful as a host-side enumeration tool.

input-mode

One feature currently only partially implemented is brute-exploit mode. This is set to prepare, compile, and run exploits in order to confirm an exploitable kernel. However, as of now it would only run on the box the program is executed on. Given that this is a fairly large project to bring on to someone else's computer, and makes considerable noise when compiling and checking exploit attempts, it would be poor OPSEC to use in an actual engagement. At some point in the future, I would like to integrate it into my other project pysploit for enumeration and the reckless, noisy, exploity brute-exploit mode.

exploit sources

https://github.com/SecWiki/linux-kernel-exploits

https://www.exploit-db.com/local/

https://github.com/SecWiki/windows-kernel-exploits

About

kernel privilege escalation enumeration and exploitation framework

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 80.2%
  • Python 19.8%