Skip to content

Commit

Permalink
Buafllet WU
Browse files Browse the repository at this point in the history
  • Loading branch information
@Ghizmoo
Ghizmoo committed Oct 27, 2024
1 parent 02cf61b commit 1d285ac
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Pwn/Buafllet/prod/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ Next, kfree it, with `ioctl_shoot`.
Now, you can spray with any object it will ends in the chunk.
The rest is straightfoward, using a "good" object, we leak kaslr, heap address and gain arbitrary read/write to patch creds, or using modprobe_path.

The object choosen in the PoC [exploit.c](exploit/exploit.c) is tty_struct, since it's very simple. But any other techniques works also.
The object choosen in the PoC [exploit.c](exploit/exploit.c) is tty_struct, since it's very simple. But any objects works as well.



Expand Down

0 comments on commit 1d285ac

Please sign in to comment.