Add glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation exploit #9469
You really like being root, eh? :)
@sempervictus MSF Linux local EoP needed some love. As for on-host detection of libraries - Tavis discusses some techniques to find libraries with constructors programmatically using From Tavis' advisory:
Disassembling and analyzing potentially viable libraries programmatically on-host on-the-fly without access to the application source code would be cool, but well beyond the scope of this PR. Instead, additional known-vulnerable libraries could be added to the module as targets in the future. Tavis pointed out
Similarly, Todor Donev pointed out that
It seems that systems without
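A first-pass version of the constructor search discussed in this thread, added here as an example and not code from this PR, from the module, or from Tavis' advisory: it parses each shared object's ELF dynamic section and reports the ones carrying a DT_INIT or DT_INIT_ARRAY entry, i.e. code the dynamic loader runs as soon as the library is mapped, which is the property an LD_AUDIT-loaded DSO needs before it can do anything in a setuid process. The function names, the ELF64 little-endian-only assumption, the scanned directories and the synthetic test image are the example's own.

```ruby
# Added example (not part of the Metasploit module): list shared objects whose
# ELF dynamic section declares a constructor (DT_INIT or DT_INIT_ARRAY).
# Such libraries run code the moment the loader maps them, which is what an
# LD_AUDIT-loaded DSO needs in order to act inside a setuid process.
# Assumption: ELF64 little-endian images only (x86-64); anything else is skipped.

DT_NULL       = 0
DT_INIT       = 12
DT_INIT_ARRAY = 25
PT_DYNAMIC    = 2
ELF_MAGIC     = "\x7fELF".b

# Return the DT_* tags found in the PT_DYNAMIC segment of an ELF64 LE image
# (given as a binary string), or nil if the image is not ELF64 LE.
def dynamic_tags(data)
  return nil unless data.bytesize >= 64 && data.byteslice(0, 4) == ELF_MAGIC
  return nil unless data.getbyte(4) == 2 && data.getbyte(5) == 1 # ELFCLASS64, ELFDATA2LSB

  e_phoff     = data.byteslice(32, 8).unpack1('Q<')
  e_phentsize = data.byteslice(54, 2).unpack1('S<')
  e_phnum     = data.byteslice(56, 2).unpack1('S<')

  tags = []
  e_phnum.times do |i|
    ph = data.byteslice(e_phoff + i * e_phentsize, e_phentsize)
    break if ph.nil? || ph.bytesize < 56
    p_type, _flags, p_offset, _vaddr, _paddr, p_filesz = ph.unpack('L<L<Q<Q<Q<Q<')
    next unless p_type == PT_DYNAMIC

    dyn = data.byteslice(p_offset, p_filesz) || ''.b
    (dyn.bytesize / 16).times do |j|
      d_tag, _d_val = dyn.byteslice(j * 16, 16).unpack('q<Q<')
      break if d_tag == DT_NULL           # DT_NULL terminates the table
      tags << d_tag
    end
  end
  tags
end

# True if the image has a constructor the dynamic loader will call on load.
def has_constructor?(data)
  tags = dynamic_tags(data)
  return false if tags.nil?
  tags.include?(DT_INIT) || tags.include?(DT_INIT_ARRAY)
end

# Scan library directories (non-recursively) for candidate shared objects.
def libs_with_constructors(dirs = %w[/lib /lib64 /usr/lib /usr/lib64])
  dirs.flat_map { |d| Dir.glob(File.join(d, '*.so*')) }
      .select { |f| File.file?(f) && !File.symlink?(f) }
      .select { |f| has_constructor?(File.binread(f)) }
      .sort
end

# Constructed test fixture: a minimal ELF64 LE image holding only a PT_DYNAMIC
# segment with the given tags. It is not loadable, just enough to parse.
def synthetic_elf(tags)
  dyn   = (tags + [DT_NULL]).map { |t| [t, 0].pack('q<Q<') }.join
  ident = ELF_MAGIC + [2, 1, 1, 0].pack('C4') + ("\0" * 8).b   # class, data, version, OS ABI, pad
  # e_type=ET_DYN, e_machine=EM_X86_64, e_version, e_entry, e_phoff=64, e_shoff,
  # e_flags, e_ehsize=64, e_phentsize=56, e_phnum=1, e_shentsize, e_shnum, e_shstrndx
  ehdr = ident + [3, 0x3e, 1, 0, 64, 0, 0, 64, 56, 1, 64, 0, 0].pack('S<S<L<Q<Q<Q<L<S<S<S<S<S<S<')
  # p_type, p_flags=RW, p_offset=120, p_vaddr, p_paddr, p_filesz, p_memsz, p_align
  phdr = [PT_DYNAMIC, 6, 120, 0, 0, dyn.bytesize, dyn.bytesize, 8].pack('L<L<Q<Q<Q<Q<Q<Q<')
  ehdr + phdr + dyn
end
```

Run it with `ruby -r./find_ctors.rb -e 'puts libs_with_constructors'` (file name assumed). A constructor is necessary but not sufficient: whether it does something exploitable when pulled in via LD_AUDIT, such as honoring an environment variable that controls a file write, still needs the per-library analysis the comment above describes, so treat the output as a candidate list to review rather than a verdict.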
On-target disassembly and analysis is probably something to bring up with @acammack-r7 in the context of mettle internals. Doesn't metasm have something for that?
Fixed bug with shell sessions on Debian. Ready for review.
Ubuntu 10.04 x64 (only OpenSSH added from ISO install)
Also worked from meterp shell.
Release Notes
The exploits/linux/local/glibc_ld_audit_dso_load_priv_esc module has been added to the framework. This module abuses a vulnerability in the GNU C Library (glibc) dynamic linker on Ubuntu 10.04 and other operating systems of a similar age for local privilege escalation.
Nice work, I was mainly worried I wouldn't be able to get the vuln software, but Ubuntu 10.04 was good to go from ISO.
Thanks @h00die |
Add glibc LD_AUDIT Arbitrary DSO Load Privilege Escalation exploit.
Verification
msfconsole
use exploit/linux/local/glibc_ld_audit_dso_load_priv_esc
set SESSION <ID>
run
Example Output