Skip to content

My personal fav collection of Linux PrivEsc kernel exploits. No bullshit, just realtalk

Notifications You must be signed in to change notification settings

PenTestical/linpwn

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
 
 
 
 
 
 

Repository files navigation

LINPWN COLLECTION 2022

Collection of useful Linux privilege escalation exploits in 2022, which worked like a charm during pentest engagements. High probability to work, easy to use, get instant root.

Dirty Pipe - a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files (CVE-2022-0847)

On March 7, 2022, Max Kellermann publicly disclosed a vulnerability in the Linux kernel, later named Dirty Pipe, which allows underprivileged processes to write to arbitrary readable files, leading to privilege escalation. This vulnerability affects kernel versions starting from 5.8. After its discovery, it was fixed for all currently maintained releases of Linux in versions 5.16.11, 5.15.25, and 5.10.102.

While easier to exploit, it is similar to an older vulnerability disclosed in 2016, Dirty COW, which has been actively exploited by malicious actors since then.

How to use

./pipe /usr/bin/su
# whoami
root

Further explanation: https://dirtypipe.cm4all.com/

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).

How to use:

./PwnKit
# whoami
root

Further explanations: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

About

My personal fav collection of Linux PrivEsc kernel exploits. No bullshit, just realtalk

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published