This media is not supported in your browser
VIEW IN TELEGRAM
CVE-2021-43267 — Linux TIPC (PoC)
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe
An article on how to escalate privileges via the slab-buffer-overflow in the Transparent Inter-Process Communication (TIPC) module.
Reference:
https://haxx.in/posts/pwning-tipc/
PoC:
https://github.com/ohnonoyesyes/CVE-2021-43267
#poc #cve #linux #lpe
Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver (CVE-2021-42008)
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf field of the sixpack structure, resulting in kernel memory corruption. This, if properly exploited, can lead to root access.
https://syst3mfailure.io/sixpack-slab-out-of-bounds
#linux #6pack #lpe #cve
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf field of the sixpack structure, resulting in kernel memory corruption. This, if properly exploited, can lead to root access.
https://syst3mfailure.io/sixpack-slab-out-of-bounds
#linux #6pack #lpe #cve
[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver
CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can lead to an overflow in the cooked_buf…
Adding DCSync Permissions from Linux
https://www.n00py.io/2022/01/adding-dcsync-permissions-from-linux/
#ad #dcsync #linux
https://www.n00py.io/2022/01/adding-dcsync-permissions-from-linux/
#ad #dcsync #linux
www.n00py.io
Adding DCSync Permissions from Linux
Recently I came upon an attack path in BloodHound that looked like this: I had control of a computer object (an Exchange server) that effectively had WriteDacl over the domain. I had a few constraints as well: All systems were configured with EDR I only had…
This media is not supported in your browser
VIEW IN TELEGRAM
Linux Root PrivEsc and Escaping Containers (CVE-2022-0185)
Research:
https://www.willsroot.io/2022/01/cve-2022-0185.html
Exploit:
https://github.com/Crusaders-of-Rust/CVE-2022-0185
#linux #kernel #lpe #escape #container #0day
Research:
https://www.willsroot.io/2022/01/cve-2022-0185.html
Exploit:
https://github.com/Crusaders-of-Rust/CVE-2022-0185
#linux #kernel #lpe #escape #container #0day
PwnKit: Local Privilege Escalation Vulnerability in Polkit’s Pkexec (CVE-2021-4034)
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
Research:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
PoC:
https://github.com/arthepsy/CVE-2021-4034
Exploit:
https://github.com/berdav/CVE-2021-4034
#linux #lpe #polkit #cve
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
Research:
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
PoC:
https://github.com/arthepsy/CVE-2021-4034
Exploit:
https://github.com/berdav/CVE-2021-4034
#linux #lpe #polkit #cve
👍1
CVE-2022-0995
This is my exploit for CVE-2022-0995, an heap out-of-bounds write in the watch_queue Linux kernel component.
It uses the same technique described in https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html.
The exploit targets Ubuntu 21.10 with kernel 5.13.0-37.
The exploit is not 100% reliable, you may need to run it a couple of times. It may panic the kernel, but during my tests it happened rarely.
https://github.com/Bonfee/CVE-2022-0995
#linux #lpe #exploit #cve
This is my exploit for CVE-2022-0995, an heap out-of-bounds write in the watch_queue Linux kernel component.
It uses the same technique described in https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html.
The exploit targets Ubuntu 21.10 with kernel 5.13.0-37.
The exploit is not 100% reliable, you may need to run it a couple of times. It may panic the kernel, but during my tests it happened rarely.
https://github.com/Bonfee/CVE-2022-0995
#linux #lpe #exploit #cve
👍3
CVE-2022-27666
This is the exploit for CVE-2022-27666, a vulnerability that achieves local privilege escalation on the latest Ubuntu Desktop 21.10.
Research:
https://etenal.me/archives/1825
Exploit:
https://github.com/plummm/CVE-2022-27666
#ubuntu #lpe #linux
This is the exploit for CVE-2022-27666, a vulnerability that achieves local privilege escalation on the latest Ubuntu Desktop 21.10.
Research:
https://etenal.me/archives/1825
Exploit:
https://github.com/plummm/CVE-2022-27666
#ubuntu #lpe #linux
ETenal
CVE-2022-27666: Exploit esp6 modules in Linux kernel - ETenal
This post discloses the exploit of CVE-2022-27666, which achieves local privilege escalation on the latest Ubuntu Desktop 21.10.
🔥2
😈 How to Detect Linux Anti-Forensics Log Tampering
When forensically examining Linux systems for malicious intrusion, responders often rely on the following three artefacts to determine logins and logouts:
—
—
—
Of course, these artefacts are not all you can forensically investigate for malicious access, however, these will be the focus of this anti-forensics blog post.
https://www.inversecos.com/2022/06/detecting-linux-anti-forensics-log.html
#linux #log #evasion #antiforensics
When forensically examining Linux systems for malicious intrusion, responders often rely on the following three artefacts to determine logins and logouts:
—
/var/run/utmp – currently logged in users—
/var/run/wtmp – current, past logins and system reboot —
/var/log/btmp – bad login attempts Of course, these artefacts are not all you can forensically investigate for malicious access, however, these will be the focus of this anti-forensics blog post.
https://www.inversecos.com/2022/06/detecting-linux-anti-forensics-log.html
#linux #log #evasion #antiforensics
👍4
🐧 Linux Kernel Syscalls
Very useful website if you need a quick reference to Linux kernel syscalls (numbers and parameters for various architectures and kernel versions)
🌐 Details:
https://syscalls.mebeim.net/
#linux #kernel #syscall
Very useful website if you need a quick reference to Linux kernel syscalls (numbers and parameters for various architectures and kernel versions)
🌐 Details:
https://syscalls.mebeim.net/
#linux #kernel #syscall
🔥8❤1
Forwarded from r0 Crew (Channel)
Local Privilege Escalation in the glibc's ld.so (CVE-2023-4911)
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
POC: https://github.com/leesh3288/CVE-2023-4911
#expdev #linux #lpe #Alexs3y
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
POC: https://github.com/leesh3288/CVE-2023-4911
#expdev #linux #lpe #Alexs3y
GitHub
GitHub - leesh3288/CVE-2023-4911: PoC for CVE-2023-4911
PoC for CVE-2023-4911. Contribute to leesh3288/CVE-2023-4911 development by creating an account on GitHub.
👍5🔥2