A CTF-style PoC to extract a secret flag from kernel space using Spectre v1

- Install the Linux headers: `sudo apt-get install linux-headers-$(uname -r)`
- Run `make`
- `sudo insmod spectreModule.ko`
- `cat /proc/leakSecretByteAddress` to make sure that the address is being returned
- Run the precompiled `./read` to verify that the secret byte is leaked from kernel space
- Write your own code to leak the secret byte or the whole secret string with the help of skeletel.c