Myldero / kernelinit

A tool for automating setup of kernel pwn challenges


kernelinit

Installation

python3 -m pip install git+https://github.com/Myldero/kernelinit

Usage

Just run kernelinit in the directory of the challenge. It will try to locate the relevant files (kernel image, root filesystem, QEMU launch script) automatically and create the setup.

Your exploit code goes in exploit-src.
Compile the exploit and run QEMU with make.
make debug is just an alias for gdb -x debug.gdb.
To become root inside QEMU, run /makeroot, a setuid binary that gives you a root shell.
In some challenges the setuid bit is stripped from binaries. In that case, try uncommenting line 20 in the Makefile.

If you want to modify the exploit template, run kernelinit -h to get the path to the templates directory. Be aware that changes made there will be overwritten when you update this package; instead, it is recommended to replace exploit-src with a symlink to your own template.

Unintended solves

The tool may also find unintended solutions when the challenge author has left critical files or directories writable by the unprivileged user. A list of tricks for these cases can be seen here.

Example

$ ls
bzImage  rootfs.cpio  run.sh
$ kernelinit
[INFO] No SMEP
[INFO] No KASLR
[INFO] Can leak info using kernel panics
[INFO] Running unintended checks...
[INFO] Extracting vmlinux...
[INFO] Finished unintended checks
[INFO] Successfully extracted vmlinux
$ ls
bzImage  debug.gdb  example.ko  exploit-src  Makefile  makeroot  my-run.sh  rootfs.cpio  run.sh  vmlinux
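The "[INFO] No SMEP" and "[INFO] No KASLR" lines in the example come from inspecting how the challenge boots the kernel. The script below is an added example, not kernelinit's own code, showing one way to derive such verdicts from a QEMU launch script: it parses the qemu-system command line, reads the CPU feature flags passed with -cpu and the kernel parameters passed with -append, and reports which hardening features are absent or explicitly disabled. The sample run.sh is constructed for the example, and the exact checks kernelinit performs are an assumption; the page only shows the tool's output.

```python
"""Report kernel hardening features from a QEMU launch script.

Added example (not part of kernelinit). Assumes the script launches
qemu-system-* on one (possibly backslash-continued) command line, as
most kernel pwn challenges do.
"""
import shlex

# Constructed sample run.sh in the style of a typical challenge
# (not taken from any real challenge).
SAMPLE_RUN_SH = r"""#!/bin/sh
qemu-system-x86_64 \
    -m 128M \
    -kernel ./bzImage \
    -initrd ./rootfs.cpio \
    -append "console=ttyS0 nokaslr oops=panic panic=1 quiet" \
    -cpu kvm64 \
    -monitor /dev/null \
    -nographic
"""


def qemu_args(script_text):
    """Join backslash-continued lines and return the argv of the qemu command."""
    joined = script_text.replace("\\\n", " ")
    for line in joined.splitlines():
        if "qemu-system" in line:
            tokens = shlex.split(line.strip())
            start = next(i for i, t in enumerate(tokens) if "qemu-system" in t)
            return tokens[start:]
    raise ValueError("no qemu-system command found in script")


def option_value(argv, flag):
    """Return the argument following `flag`, or "" if the flag is absent."""
    for i, arg in enumerate(argv):
        if arg == flag and i + 1 < len(argv):
            return argv[i + 1]
    return ""


def check_mitigations(script_text):
    """Return a dict describing the mitigation state implied by the command line."""
    argv = qemu_args(script_text)
    cpu_spec = option_value(argv, "-cpu")           # e.g. "kvm64,+smep,+smap"
    model, *features = cpu_spec.split(",")
    features = set(features)
    kparams = set(option_value(argv, "-append").split())

    def cpu_feature(name):
        # "-cpu host" passes the host's features through, so the answer is unknown.
        if model == "host":
            return None
        return f"+{name}" in features or f"{name}=on" in features

    return {
        "smep": cpu_feature("smep"),
        "smap": cpu_feature("smap"),
        # KASLR is on by default in modern kernels; "nokaslr" turns it off.
        "kaslr": "nokaslr" not in kparams,
        # KPTI's default depends on the kernel config, so only explicit
        # disabling on the command line is reported.
        "pti_explicitly_off": bool(kparams & {"nopti", "pti=off", "mitigations=off"}),
        # oops=panic makes every kernel oops a panic, which changes how
        # failed attempts and their diagnostic output behave.
        "oops_panics": "oops=panic" in kparams,
    }


def report(script_text):
    """Format the findings as [INFO] lines, mirroring kernelinit's output style."""
    m = check_mitigations(script_text)
    lines = []
    for feat in ("smep", "smap"):
        if m[feat] is None:
            lines.append(f"[INFO] {feat.upper()} depends on host CPU (-cpu host)")
        elif not m[feat]:
            lines.append(f"[INFO] No {feat.upper()}")
    if not m["kaslr"]:
        lines.append("[INFO] No KASLR")
    if m["pti_explicitly_off"]:
        lines.append("[INFO] KPTI disabled on the kernel command line")
    if m["oops_panics"]:
        lines.append("[INFO] Kernel panics on oops (oops=panic)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_RUN_SH)))
```

Run it against a challenge's run.sh by reading the file into a string and passing it to report(). The parser deliberately ignores everything except -cpu and -append, so it is a starting point for a setup tool rather than a complete QEMU command-line parser.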

License: MIT License


Languages: C 52.7%, Python 40.9%, Shell 3.7%, Makefile 1.5%, Assembly 1.1%