Introduction

The kernel is the layer that sits between applications and the hardware. It runs with the highest privileges on the system, so if it is exploited, privileges can be escalated. Finding kernel vulnerabilities and writing exploits for them is no trifling task; however, once such a vulnerability is made public and exploit code for it is developed, it easily becomes low-hanging fruit for escalating privileges.

A very useful list of kernel exploits found to date is located here.

Finding existing exploits is easy: just search for the Linux kernel version.

Exploiting the Kernel

As an example, we are going to exploit dirtyc0w. This vulnerability was extremely widespread and can still be found on numerous outdated machines. The exploit itself has many versions, but for demonstration purposes we are going to use the one at https://www.exploit-db.com/exploits/40839.

We need to first verify that our kernel version is in the vulnerable range.
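The same version check is what a defender runs across a fleet to find hosts that still need patching. The following POSIX shell script is an added example, not code from the page or from the exploit it references: it reduces a kernel version string such as the output of `uname -r` to its numeric major.minor.patch fields and compares it against a "fixed in" threshold. The threshold value used as the default is a placeholder assumption, not a number taken from the page; substitute the fixed version published by your kernel vendor.

```shell
#!/bin/sh
# Added example (not part of the original page): flag kernels whose
# upstream version is older than a given "fixed" version.

# kernel_older_than RUNNING FIXED
# Returns 0 (true) if RUNNING is strictly older than FIXED, comparing only the
# leading numeric major.minor.patch fields. Suffixes such as "-31-generic"
# are ignored; missing fields are treated as 0 (so "4.4" is older than "4.4.1").
kernel_older_than() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')   # "4.4.0-31-generic" -> "4.4.0"
    t=$(printf '%s' "$2" | sed 's/[^0-9.].*//')
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s' "$v" | cut -d. -f"$i")
        b=$(printf '%s' "$t" | cut -d. -f"$i")
        a=${a:-0}; b=${b:-0}
        if [ "$a" -lt "$b" ]; then return 0; fi   # older: needs patching
        if [ "$a" -gt "$b" ]; then return 1; fi   # newer than the fix
        i=$((i + 1))
    done
    return 1   # identical major.minor.patch: treated as fixed
}

# check_running_kernel [FIXED]
# Compares the running kernel (uname -r) against FIXED and reports the result.
# The default FIXED value is a PLACEHOLDER assumption for illustration only.
check_running_kernel() {
    fixed="${1:-4.8.3}"   # PLACEHOLDER: replace with your vendor's fixed version
    running=$(uname -r)
    if kernel_older_than "$running" "$fixed"; then
        echo "kernel $running is older than $fixed: schedule patching"
        return 1
    fi
    echo "kernel $running is at or above $fixed"
    return 0
}

# Usage: sh kernel_check.sh --check [FIXED_VERSION]
if [ "${1:-}" = "--check" ]; then
    check_running_kernel "${2:-}" || exit 1
fi
```

Treat a "fixed" result from this script as a first filter, not a verdict: distribution kernels routinely backport security fixes without bumping the upstream version number, so a host can report an "old" version and still be patched, and the reverse can happen with custom-built kernels. Confirm against the vendor's advisory or package changelog for the installed kernel package before closing the finding.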

Inside the exploit we see compilation instructions, which is typical of kernel exploits as they are usually written in C:

By compiling and running the exploit (it may take some time to execute), we have elevated our privileges.