Original writeup: https://hxp.io/blog/81/hxp-CTF-2020-kernel-rop/
A writeup with more details: https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/
We have written two exploits:
- exploit without KASLR | launch with ./run-nokaslr.sh
- exploit with KASLR | launch with ./run.sh
With the help of: