Collection of useful Linux privilege escalation exploits in 2022, which worked like a charm during pentest engagements. High probability to work, easy to use, get instant root.
Dirty Pipe - a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files (CVE-2022-0847)
On March 7, 2022, Max Kellermann publicly disclosed a vulnerability in the Linux kernel, later named Dirty Pipe, which allows underprivileged processes to write to arbitrary readable files, leading to privilege escalation. This vulnerability affects kernel versions starting from 5.8. After its discovery, it was fixed for all currently maintained releases of Linux in versions 5.16.11, 5.15.25, and 5.10.102.
While easier to exploit, it is similar to an older vulnerability disclosed in 2016, Dirty COW, which has been actively exploited by malicious actors since then.
./pipe /usr/bin/su
# whoami
root
Further explanation: https://dirtypipe.cm4all.com/
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).
./PwnKit
# whoami
root
Further explanations: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034