In this post we will be exploring various kernel exploits that can be used for Linux Privilege Escalation from standard user to root.

We will start by using various commands to find the kernel version on the victim host. From there, we will see multiple ways to find kernel exploits that will work against the kernel version we are targeting. Finally, we will see demonstrations of six different kernel exploits that cover almost all kernel versions from 2010 – Present.

When it comes to the kernel, it is important to understand its purpose so that we can understand why it can be vulnerable.

A kernel is essentially a "computer program" that facilitates interactions between hardware and software. This means that the kernel sits between applications (software) and the CPU / memory / devices / etc. The job of the kernel is to convert input/output (I/O) requests from software into instruction sets that mediate between the software and the hardware. The kernel is the first program to load after the bootloader. After loading, it controls and coordinates every other program and process and ensures that memory is allocated correctly.

If you are interested in learning about Windows kernel exploits, check out my two posts on the topic here and here.

Hunting for Kernel Vulnerabilities

For this first example, we have obtained a foothold on a Linux machine as the standard user juggernaut.

The first thing we need to do after obtaining a foothold is upgrade the shell to a full TTY if we can. We can do this using the following set of commands:

    python3 -c 'import pty; pty.spawn("/bin/bash")'
    # press Ctrl+Z to background the shell, run `stty raw -echo` in the local terminal, then:
    fg    # brings the netcat session back to the foreground

Now that we have a full TTY, we can use the arrow keys to go through our command history, use tab completion, clear the terminal, and much more.

The first thing we need to enumerate when looking for kernel exploits is the version of the kernel on the target host. This can be accomplished a few different ways, starting with the uname command with the -r switch, which will tell us only the kernel version itself.

    uname -r

This is good; however, we want to gather even more information from our target, so instead we can use the uname command again, this time with the -a switch, which will provide us with the Linux flavour, kernel version, and architecture.

    uname -a

Finally, we can also get this information from the file located at /proc/version.

The output shows that this kernel is fairly new, as it is running version 5.13.

We can confirm the date the kernel was released by looking up the kernel version on this Wikipedia page here.

This tells us the kernel was released on June 27th, 2021, so we will need to find an exploit that was disclosed after this kernel version was released.

Hunting for Suitable Kernel Exploits Manually

Now that we have determined the kernel version to be 5.13, there are a few ways that we can search for a suitable exploit.

The first way to search for kernel exploits is by taking the kernel version information we have enumerated and then searching on Google for any exploits that this kernel version is vulnerable to.

Google skills are VERY important to have as a hacker - sharpen them any chance you get!

We can start by using the following broad search:

    Linux kernel 5.13 exploit

The first results are usually from CVE-Details, Vulnmon, etc., which are good for getting an overview of the potential exploits we can use; however, scrolling down we start to see some pages that are of greater interest to us.

Both of these exploits look pretty promising as they both mention kernel version 5.13 - furthermore, they both mention Ubuntu, which we know is the flavour of Linux our target is running.

We can read these blog posts on Dirty Pipe to get a better understanding of what the exploit is, which is a great idea; however, we can see that the top exploit is hosted on GitHub, which is where we will likely find most of the kernel exploits for any kernel version, so let's edit our search a bit to include GitHub, like so:

    Linux kernel 5.13 exploit github
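As an added example (not code from the original post), the following POSIX shell script gathers the kernel release the way the enumeration section above does (uname -r, with /proc/version as a fallback), normalises the release string to major.minor.patch, and compares two versions so that a defender can check whether a host's kernel predates a given release. The function names and the sample release strings in the comments are my own; the post does not give any fixed-in version numbers, so none are assumed here.

```shell
#!/bin/sh
# Added example, not from the original post: enumerate the running kernel version
# from the same sources the post uses and compare it against a version string.
# Sample inputs such as "5.13.0-40-generic" are constructed for illustration.

# Print the raw kernel release string, trying the sources in the order the post does.
get_kernel_release() {
    if command -v uname >/dev/null 2>&1; then
        uname -r
    elif [ -r /proc/version ]; then
        # /proc/version reads like: "Linux version 5.13.0-40-generic (buildd@...) ..."
        awk '{print $3}' /proc/version
    else
        return 1
    fi
}

# Reduce a release string such as "5.13.0-40-generic" to "5 13 0".
# Missing components default to 0, so "5.13" becomes "5 13 0".
version_components() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*$//')   # drop "-40-generic" style suffixes
    major=$(printf '%s' "$v" | cut -d. -f1)
    minor=$(printf '%s' "$v" | cut -s -d. -f2)
    patch=$(printf '%s' "$v" | cut -s -d. -f3)
    printf '%s %s %s\n' "${major:-0}" "${minor:-0}" "${patch:-0}"
}

# Return 0 (true) if version $1 is strictly older than version $2.
version_lt() {
    set -- $(version_components "$1") $(version_components "$2")
    # $1 $2 $3 = left major minor patch; $4 $5 $6 = right major minor patch
    [ "$1" -lt "$4" ] && return 0
    [ "$1" -gt "$4" ] && return 1
    [ "$2" -lt "$5" ] && return 0
    [ "$2" -gt "$5" ] && return 1
    [ "$3" -lt "$6" ]
}

# Report what the running host says, mirroring the post's uname -r / uname -a /
# /proc/version steps, and flag whether the kernel predates a baseline version.
# The baseline is a hypothetical placeholder; substitute the release you care about.
report_kernel() {
    baseline=${1:-5.14.0}
    rel=$(get_kernel_release) || { echo "could not determine kernel release" >&2; return 1; }
    echo "kernel release : $rel"
    echo "normalised     : $(version_components "$rel" | tr ' ' '.')"
    echo "uname -a       : $(uname -a 2>/dev/null)"
    [ -r /proc/version ] && echo "/proc/version  : $(cat /proc/version)"
    if version_lt "$rel" "$baseline"; then
        echo "kernel predates baseline $baseline: check that relevant kernel fixes are applied"
    else
        echo "kernel is at or above baseline $baseline"
    fi
}

# Run the report only when invoked with --report, so the functions can also be sourced.
if [ "${1:-}" = "--report" ]; then
    report_kernel "${2:-}"
fi
```

Run it as `sh kernel_check.sh --report 5.14.0` on a host to print the same information the post enumerates by hand; `version_lt` is the piece worth reusing in a fleet-wide check, since a plain string comparison of release strings gets "5.9" and "5.13" the wrong way round.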