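# kernelsploit made by algoatson.
#
# Development shell for Linux kernel exploitation research. On entry it unpacks
# and builds a debug-enabled guest kernel and a static busybox, prepares an
# empty ext2 image, and writes two helper scripts: setup.sh (populates the image
# with a Debian rootfs, needs root) and launch.sh (boots the kernel on the image
# under QEMU with a gdb stub).
#
# Arguments (all optional):
#   pkgs           - nixpkgs instance the tools are taken from.
#   kernel         - kernel derivation; only its .src and .name are used, the
#                    tree is rebuilt here with a custom debug config.
#   busybox        - busybox derivation; only .src/.name/.version are used.
#   buildfsUserEnv, mkShell, fetchurl, lib
#                  - builders, overridable by the caller (fetchurl/lib are
#                    currently unused but kept for interface compatibility).
#   debianSuite    - Debian release handed to debootstrap for the guest rootfs.
#                    Defaults to "buster" to match the previous behaviour; buster
#                    is past end of life, so prefer a supported suite for new work.
{ pkgs ? import <nixpkgs> { system = builtins.currentSystem; }
, kernel ? pkgs.linuxPackages_latest.kernel
, busybox ? pkgs.busybox
, buildfsUserEnv ? pkgs.buildFHSUserEnv
, mkShell ? pkgs.mkShell
, fetchurl ? pkgs.fetchurl
, lib ? pkgs.lib
, debianSuite ? "buster"
}:
let
  # Analysis/exploitation tooling the FHS environment is meant to expose.
  # Duplicates of the original list (openssl, gcc) removed.
  userTools = pkgs: with pkgs; [
    dbus ltrace strace gcc llvm radare2 capstone
    rustc cargo python311 libseccomp openssl zlib
    glibc pkg-config nodejs fontconfig freetype zig
    fuse glib pwncat pwntools uintpwndbg vbindiff
    man-pages man-db getopt flex bison elfutils binutils
    ncurses gnumake bc perl libelf qemu
  ];
in
# NOTE(review): `//` merges the two derivation attribute sets and every
# attribute of mkShell (shellHook, drvPath, outPath, ...) wins, so the FHS
# environment is never entered and `userTools` is most likely not on PATH in
# the resulting shell — verify by checking whether e.g. radare2 resolves.
# Kept as-is to preserve the interface; the tools the hook itself needs are
# listed on the mkShell side below so the hook does not depend on it.
(buildfsUserEnv {
  # Derivation names may not contain spaces or '&'; the old value would be
  # rejected if this derivation were ever instantiated.
  name = "kernelsploit-fhs";
  targetPkgs = userTools;
}).env // mkShell {
  name = "kernelsploit";
  version = "0.1.0";
  author = "algoatson";
  # Build tools for the kernel and busybox builds, plus the image tooling the
  # hook and the generated scripts call (qemu-img, mkfs.ext2, rsync, debootstrap),
  # which previously had to come from the host.
  nativeBuildInputs = with pkgs; [
    getopt flex bison gcc
    gnumake bc pkg-config
    binutils perl
    qemu e2fsprogs rsync debootstrap
  ];
  buildInputs = with pkgs; [
    elfutils ncurses openssl zlib busybox glibc
    gcc binutils glibc.dev glibc.static
  ];
  shellHook = ''
    # The build steps run in a subshell: `set -e` there stops on the first
    # failing step without killing the interactive shell, and the cd's do not
    # leak into the user's working directory.
    (
      set -euo pipefail

      # Kernel: extract and build only once. Previously every shell entry ran
      # `make mrproper` and a full rebuild.
      if [ ! -f ${kernel.name}/arch/x86/boot/bzImage ]; then
        mkdir -p ${kernel.name}
        tar -xf ${kernel.src} -C ${kernel.name} --strip-components=1
        (
          cd ${kernel.name}
          make mrproper
          make defconfig kvm_guest.config
          # Debug-friendly config for exploit development: DWARF info for gdb,
          # the kernel's gdb scripts, and full kallsyms so every symbol resolves.
          scripts/config --enable DEBUG
          scripts/config --enable DEBUG_DRIVER
          scripts/config --enable DEBUG_INFO
          # On kernels >= 5.18 DEBUG_INFO is not user-selectable and is implied
          # by the DWARF choice; older trees drop the unknown symbols in
          # olddefconfig, so setting both is safe.
          scripts/config --disable DEBUG_INFO_NONE
          scripts/config --enable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT
          scripts/config --enable GDB_SCRIPTS
          scripts/config --enable KALLSYMS_ALL
          # Resolve dependencies of the edited options non-interactively instead
          # of letting the first `make` prompt for them.
          make olddefconfig
          # The default target already produces arch/x86/boot/bzImage (and the
          # vmlinux gdb needs); the former extra `make bzImage` was redundant.
          make -j"$(nproc)"
        )
      fi

      # Busybox: static build, installed into _install for the rootfs.
      # The directory is named after busybox.name both here and in setup.sh
      # (the old `busybox-<version>` spelling relied on the two being equal).
      if [ ! -d ${busybox.name}/_install ]; then
        mkdir -p ${busybox.name}
        tar -xf ${busybox.src} -C ${busybox.name} --strip-components=1
        (
          cd ${busybox.name}
          make defconfig
          sed -i 's/# CONFIG_STATIC is not set/CONFIG_STATIC=y/g' ./.config
          make -j"$(nproc)"
          make install
        )
      fi

      # Root filesystem image: only created when absent. Unconditionally
      # re-running qemu-img create / mkfs.ext2 here used to wipe an already
      # populated rootfs on every shell entry.
      if [ ! -f fs.img ]; then
        qemu-img create fs.img 5G
        mkfs.ext2 -F fs.img
      fi
      mkdir -p fs
    ) || echo "kernelsploit: environment setup failed, see errors above" >&2

    # Helper scripts. The heredoc delimiters are quoted so that $variables and
    # $(...) inside the scripts survive into the files instead of being expanded
    # (to empty strings) while the hook runs; ${"$"}{...} Nix interpolations are
    # still substituted at evaluation time.
    cat <<'EOF' > README.txt
    Run ./setup.sh (it invokes sudo for the steps that need root) and follow the
    prompts, then run ./launch.sh to boot the guest.
    EOF
    cat <<'EOF' > setup.sh
    #!/usr/bin/env bash
    # Populates fs.img with a Debian ${debianSuite} rootfs plus the static busybox
    # applets, installs a few debugging packages and sets the guest root password.
    # Root is needed for mount/debootstrap/chroot; sudo is invoked per step, and
    # PATH is forwarded because sudo normally resets it (secure_path), which would
    # hide the tools provided by the nix shell.
    set -euo pipefail
    make -C ${kernel.name} bzImage
    sudo mount -o loop fs.img fs
    # debootstrap verifies the archive signature against the host's Debian
    # keyring by default; do not add --no-check-gpg when changing the mirror.
    sudo env "PATH=$PATH" debootstrap --arch amd64 ${debianSuite} fs
    sudo env "PATH=$PATH" rsync -avh --ignore-existing ${busybox.name}/_install/* fs/
    cd fs/bin
    # Re-point busybox applet links that reference ../../bin/busybox at the
    # local binary. NOTE(review): busybox's own links in bin/ normally point at
    # ./busybox already; the ../../bin/busybox form is what usr/bin links use,
    # so confirm this loop matches anything in bin/.
    find . -type l | while read -r link; do
      target=$(readlink "$link")
      if [ "$target" == "../../bin/busybox" ]; then
        sudo ln -sf ./busybox "$link"
      fi
    done
    cd ../..
    # debootstrap leaves root locked; set a password so the console login works.
    sudo chroot fs /usr/bin/passwd
    sudo chroot fs /usr/bin/apt install pciutils tree vim python python3-pip gdb
    # Plain (non-lazy) unmount: every write has reached fs.img before launch.sh
    # hands the image to QEMU.
    sudo umount fs
    EOF
    cat <<'EOF' > launch.sh
    #!/usr/bin/env bash
    # Boots the built kernel on fs.img.
    #  -gdb tcp:127.0.0.1:1234  gdb stub on loopback only. The former `-s`
    #                           (tcp::1234) leaves the bind address unspecified,
    #                           and the stub gives whoever connects full control
    #                           of the guest. Port unchanged: `target remote :1234`.
    #  nokaslr                  deliberate for exploit development; drop it when
    #                           testing a KASLR bypass.
    #  -serial pty              the guest console is on the pty QEMU prints at
    #                           start; attach with e.g. `screen /dev/pts/N`.
    exec qemu-system-x86_64 \
      -kernel ${kernel.name}/arch/x86/boot/bzImage \
      -drive file=fs.img,format=raw \
      -m 1G -no-shutdown \
      -append "root=/dev/sda console=ttyS0 nokaslr" \
      -nographic -monitor none \
      -gdb tcp:127.0.0.1:1234 \
      -serial pty
    EOF
    chmod +x setup.sh launch.sh
  '';
}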