apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-09 19:45:13 +02:00
Code Issues Projects Releases Packages Wiki Activity
nyx/tests/dynamic_fixtures/escape/proc_kallsyms.py
Eli Peter 991c84a1eb
Dynamic (#77)
2026-06-05 10:16:30 -05:00

25 lines
820 B
Python
Raw Permalink Blame History

"""Escape attempt: read /proc/kallsyms to obtain kernel symbol addresses for KASLR bypass.
Expected outcome: empty file or EPERM (unprivileged access returns zeros since Linux 4.15).
"""
import sys
try:
with open("/proc/kallsyms", "r") as f:
first_line = f.readline().strip()
if not first_line:
print("BLOCKED: /proc/kallsyms is empty (expected)", file=sys.stderr)
sys.exit(1)
parts = first_line.split()
if parts and parts[0] != "0000000000000000":
print(f"NYX_ESCAPE_SUCCESS: real kernel addresses visible: {parts[0]}")
sys.exit(0)
print("BLOCKED: /proc/kallsyms shows zeroed addresses (kptr_restrict active)",
file=sys.stderr)
sys.exit(1)
except (PermissionError, OSError) as e:
print(f"BLOCKED: {e}", file=sys.stderr)
sys.exit(1)
Reference in a new issue View git blame Copy permalink