OffsetGenerator needs to be run as root
On at least stock Debian 12 and Ubuntu 22/23, the kallsym table only emits zero address values when called as an unprivileged user. The easiest way to circumvent this is to run the OffsetGenerator as root. Since this needs to be called only once per kernel version (right?), this is not a huge issue - further versions of the PoC will most likely have a larger list of kernels/distros. I'm not sure if this should be documented though.
Yeah, you should run the offset generator through root to get the offsets and place them in the array.
So if I know the root password, what's the need for this exploit?
As far as I understand, the offsets aren't individual for each system but for each kernel version. So for a universal exploit, you need to collect them for each kernel before exploitation, then find the correct combination for the system you are trying to exploit. It's a PoC after all, so it's not supposed to be a fully weaponized one-shot exploit.