Privilege Escalation Kernel Exploitation CVE 2015

Hacking Truth

Privilege Escalation: Kernel Exploits - CVE


Privilege escalation ideally leads to root privileges. This can sometimes be achieved simply by exploiting an existing vulnerability, or in some cases by accessing another user account that has more privileges, information, or access.

Unless a single vulnerability leads to a root shell, the privilege escalation process will rely on misconfigurations and lax permissions.

The kernel on Linux systems manages the communication between components such as the memory on the system and applications. This critical function requires the kernel to have specific privileges; thus, a successful exploit will potentially lead to root privileges.


The kernel exploit methodology is simple:


  • Identify the kernel version
  • Search and find an exploit code for the kernel version of the target system
  • Run the exploit



Although it looks simple, please remember that a failed kernel exploit can lead to a system crash. Make sure this potential outcome is acceptable within the scope of your penetration testing engagement before attempting a kernel exploit.


Research sources:


Based on your findings, you can use Google to search for existing exploit code.
Sources such as https://www.linuxkernelcves.com/cves, https://www.exploit-db.com/exploits/37292 or https://www.linuxkernelcves.com/cves/CVE-2015-1328 can also be useful.
Another alternative is to use a script like LES (Linux Exploit Suggester), but remember that these tools can generate false positives (reporting a kernel vulnerability that does not affect the target system) or false negatives (reporting no kernel vulnerabilities although the kernel is vulnerable).
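The three methodology steps above, and the false-positive warning about suggester scripts, come down to one question: does the running kernel fall inside an advisory's affected range, and has the distribution already backported the fix? The script below is an added illustration (not code from this post, and not LES itself) of how such a check is done and why a naive upstream-version comparison produces false positives. The CVE id is the one named on this page; the version bounds and the Ubuntu ABI threshold in the table are illustrative placeholders, not verified data, and must be replaced with the figures from the advisory before the check means anything.

```python
import re

# Constructed advisory table. Only the CVE id is taken from the page; the
# bounds and the ABI threshold are PLACEHOLDERS for illustration and must be
# filled in from https://www.linuxkernelcves.com/cves/CVE-2015-1328 before use.
ADVISORIES = [
    {
        "cve": "CVE-2015-1328",
        "introduced": (3, 13, 0),             # placeholder lower bound (inclusive)
        "fixed_upstream": (3, 19, 0),         # placeholder upper bound (exclusive)
        "fixed_distro_abi": {"ubuntu": 55},   # placeholder: distro ABI number that carries the backport
    },
]

# Matches the leading "major.minor.patch[-abi]" of a `uname -r` string,
# e.g. "3.13.0-24-generic" -> 3, 13, 0, 24.
UNAME_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+))?")


def parse_release(release):
    """Split a `uname -r` string into (upstream version tuple, distro ABI or None)."""
    m = UNAME_RE.match(release.strip())
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    upstream = tuple(int(x) for x in m.group(1, 2, 3))
    abi = int(m.group(4)) if m.group(4) is not None else None
    return upstream, abi


def assess(release, distro=None):
    """Return [(cve, verdict)] for a release string.

    verdict is one of:
      'not-affected'          upstream version outside the affected range
      'patched-by-backport'   inside the range, but the distro ABI carries the fix
      'likely-vulnerable'     inside the range and no backport evidence
    Calling without `distro` is exactly what a naive suggester does: it only
    sees the upstream version, so a backported fix looks like a vulnerable kernel.
    """
    upstream, abi = parse_release(release)
    results = []
    for adv in ADVISORIES:
        if not (adv["introduced"] <= upstream < adv["fixed_upstream"]):
            results.append((adv["cve"], "not-affected"))
            continue
        fixed_abi = adv["fixed_distro_abi"].get(distro) if distro else None
        if fixed_abi is not None and abi is not None and abi >= fixed_abi:
            results.append((adv["cve"], "patched-by-backport"))
        else:
            results.append((adv["cve"], "likely-vulnerable"))
    return results


if __name__ == "__main__":
    # Constructed sample uname strings, not taken from any real host.
    samples = [
        ("3.13.0-24-generic", "ubuntu"),   # old ABI: in range, no backport
        ("3.13.0-55-generic", "ubuntu"),   # same upstream version, backported fix
        ("3.13.0-55-generic", None),       # same kernel seen upstream-only: false positive
        ("4.4.0-31-generic", "ubuntu"),    # outside the placeholder range
    ]
    for rel, distro in samples:
        print(rel, distro or "(no distro)", assess(rel, distro))
```

The third sample is the false-positive case the text warns about: the very same kernel string is reported as vulnerable when the distribution's ABI number is ignored. On a real host, compare `uname -r` against the distribution's own security tracker rather than the upstream version alone, and treat the script's output as a lead to confirm, not a verdict.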


Hints/Notes:


A common pitfall is being too specific about the kernel version when searching for exploits on Google, Exploit-DB, or searchsploit.


Be sure you understand how the exploit code works BEFORE you launch it. Some exploit code makes changes to the operating system that leave it insecure afterwards, or makes irreversible changes that create problems later. Of course, these may not be great concerns within a lab or CTF environment, but they are absolute no-nos during a real penetration testing engagement.


Some exploits may require further interaction once they are run. Read all comments and instructions provided with the exploit code.


You can transfer the exploit code from your machine to the target system using the SimpleHTTPServer Python module on your machine and wget on the target.


First we will use ssh and we will come inside his house without informing ( atithi devo bhaava ) :-p

Before (screenshot)

After (screenshot)

whoami

id

uname -a

The uname -a output shows an old kernel version, so that is the version we exploit. If you search on Google you can find the exploit like this...

[screenshots]

Download the exploit code to your own machine and copy it to the target machine, saving it under any file name you like as long as the extension is .c.

After copying the exploit code, go to the /tmp directory on the target machine and paste it there.


cd /tmp

nano ofc.c

ls
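The transfer step (a Python web server on your machine, wget on the target, and the file saved under /tmp) has two points worth getting right: `python -m SimpleHTTPServer` exposes every file in the working directory with a listing, and nothing in the procedure confirms that the bytes which arrived are the bytes you reviewed, which matters given the earlier advice to understand the code before running it. The script below is an added example, not code from this post, that serves exactly one path with the standard library, sends the file's SHA-256 in a header so the receiving side can verify the copy, and is exercised end to end on a constructed stand-in payload over loopback. The path name, the header name X-SHA256 and the payload bytes are my own choices.

```python
import hashlib
import http.server
import threading
import urllib.request
from urllib.error import HTTPError


def sha256_hex(data):
    """Hex SHA-256 of a byte string; compute it on both ends of the transfer."""
    return hashlib.sha256(data).hexdigest()


def make_handler(allowed_path, payload):
    """Build a handler that serves one fixed body at one path and 404s everything else.
    Unlike `python -m SimpleHTTPServer`, no other file and no directory listing is exposed."""

    class SingleFileHandler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != allowed_path:
                self.send_error(404, "not found")
                return
            self.send_response(200)
            self.send_header("Content-Type", "text/x-csrc")
            self.send_header("Content-Length", str(len(payload)))
            # Hash travels with the file so the receiver can verify the copy.
            self.send_header("X-SHA256", sha256_hex(payload))
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, fmt, *args):
            # One line per request: which client fetched what, for the engagement notes.
            print("%s - %s" % (self.client_address[0], fmt % args))

    return SingleFileHandler


def start_server(allowed_path, payload, bind="127.0.0.1", port=0):
    """Start the single-file server in a daemon thread; returns (server, bound port).
    bind defaults to loopback; pass the engagement-facing interface explicitly."""
    server = http.server.HTTPServer((bind, port), make_handler(allowed_path, payload))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def fetch(url, timeout=5):
    """Download a URL; returns (status, body, X-SHA256 header) and does not raise on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(), resp.headers.get("X-SHA256")
    except HTTPError as e:
        return e.code, b"", None


def transfer_and_verify(bind="127.0.0.1"):
    """End-to-end demo on constructed data: serve one file, fetch it, verify the hash,
    and confirm that an unrelated path is refused."""
    # Constructed stand-in for the exploit source; not a real exploit.
    payload = b"/* constructed sample standing in for ofc.c */\nint main(void) { return 0; }\n"
    server, port = start_server("/ofc.c", payload, bind=bind)
    try:
        status, body, sent_hash = fetch("http://%s:%d/ofc.c" % (bind, port))
        verified = status == 200 and sha256_hex(body) == sent_hash == sha256_hex(payload)
        other_status, _, _ = fetch("http://%s:%d/other.txt" % (bind, port))
        return {"status": status, "verified": verified, "other_status": other_status,
                "sha256": sha256_hex(body)}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(transfer_and_verify())
```

On the target side the same verification is `sha256sum /tmp/ofc.c` compared against the value you recorded on your machine before serving the file; if they differ, do not compile or run the copy.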

Now, exploitation time..


ls

gcc ofc.c -o rOOt-atul

./rOOt-atul

id




Additional information: if you want to clear the screen but it says "TERM environment variable not set", don't worry.. i am here :-)



ls

locate flag1.txt

cat /home/matt/flag1.txt



Disclaimer

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. We do not engage in any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly advise against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.