## https://sploitus.com/exploit?id=C16DD27B-8AAE-5F34-B23A-FC768C141778
# ๐ Ultimate Master Guide: Kernel Exploit Labs
Welcome to the bridge between User-Space and Kernel-Space. This project is a controlled laboratory for learning Linux Kernel exploitation on the 5.15 LTS kernel.
---
## ๐๏ธ 0. The Mandatory Engine: Why `/scripts`?
Let's address the most important question first: **Is the `/scripts` folder useful?**
**YES. It is the mandatory engine of the entire project.**
1. **`scripts/build_initramfs.sh`**:
- **What it does**: It downloads and compiles **BusyBox** from source, creates the Linux directory structure (`/dev`, `/proc`, etc.), and packs all your labs into a compressed `initramfs.cpio.gz` file.
- **If you delete it**: You will have no filesystem. When QEMU boots, the kernel will panic because it has no "hard drive" to read your exploits from.
2. **`scripts/run_standalone.sh`**:
- **What it does**: It orchestrates the **QEMU Simulator**. It configures the RAM (512M), CPU (kvm64), and serial console so you can see the kernel output in your terminal.
- **If you delete it**: You will have to type a 10-line QEMU command manually every single time you want to test a hack.
---
## ๐ 1. Project-Wide File Registry
| File / Folder | Purpose | Necessity |
| :--- | :--- | :--- |
| `build/` | Stores the compiled 5.15 Kernel (`bzImage`) and filesystem. | **MANDATORY** |
| `labs/` | The collection of individual exploit challenges. | **MANDATORY** |
| `scripts/` | Orchestration for building the OS and running QEMU. | **MANDATORY** |
| `kernel.config` | The "Hackers Config" that disables kernel protections. | **MANDATORY** |
| `Makefile` | The Top-Level automation script. | **RECOMMENDED** |
| `labsetup.md` | A quick "from scratch" setup summary. | **OPTIONAL** |
---
## ๐งช 2. The Architectural Strategy
### A. Why Kernel 5.15?
We use the **5.15 Long Term Support (LTS)** kernel. It's modern enough to be relevant today but doesn't have the extremely complex "Kernel Control Flow Integrity" (kCFI) found in 6.x+, which makes beginner memory corruption impossible to see.
### B. The Top-Level Build
We build the kernel once at the project root (`build/linux-5.15`).
- **The Secret**: Kernel modules are extremely picky. If you build a module against a different kernel version than the one that is running, it will **REFUSE** to load. By using a shared Top-Level build, we guarantee 100% compatibility for every lab.
---
## ๐ 3. Master Workflow (From Scratch)
### Part 1: Host Preparation
```bash
sudo apt update && sudo apt install -y build-essential qemu-system-x86 cpio wget bc
```
### Part 2: Build & Launch
```bash
# 1. Build a specific lab (e.g., buffer_overflow)
cd labs/buffer_overflow
./run_lab.sh
```
### Part 3: The Exploit (Inside QEMU)
Once you see the `Welcome to Kernel Exploit Lab` banner:
```bash
cd /labs/buffer_overflow
insmod buffer_overflow.ko # The Industry Standard for loading modules
./exploit # Run the attack
id # Confirm Root Access (uid=0)
```
---
## ๐ 4. Deep Technical References
For even more granular detail, refer to the following:
- [Kernel Exploit Guide](file:///home/iconic-whisper/Documents/os/cw2/KERNEL_EXPLOIT_GUIDE.md) - Full step-by-step from source to shell.
- [Lab Setup](file:///home/iconic-whisper/Documents/os/cw2/labsetup.md) - Quick start dependencies.
- Read the **README.md** inside each lab folder for line-by-line code analysis of the bugs!