Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-11-13 00:17:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #510 from MarwanNour/patch-1

Browse source 
Added DirtyPipe to kernel exploits
This commit is contained in:
Swissky 2022-06-23 17:19:05 +02:00 committed by GitHub
commit b9e847decb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
Methodology and Resources/Linux - Privilege Escalation.md
View file

@ -6,7 +6,7 @@
* [Checklist](#checklists)
* [Looting for passwords](#looting-for-passwords)
* [Files containing passwords](#files-containing-passwords)
* [Old passwords in /etc/security/opasswd](#old-passwords-in--etc-security-opasswd)
* [Old passwords in /etc/security/opasswd](#old-passwords-in-etcsecurityopasswd)
* [Last edited files](#last-edited-files)
* [In memory passwords](#in-memory-passwords)
* [Find sensitive files](#find-sensitive-files)
@ -27,7 +27,7 @@
* [NOPASSWD](#nopasswd)
* [LD_PRELOAD and NOPASSWD](#ld_preload-and-nopasswd)
* [Doas](#doas)
* [sudo_inject](#sudo-inject)
* [sudo_inject](#sudo_inject)
* [CVE-2019-14287](#cve-2019-14287)
* [GTFOBins](#gtfobins)
* [Wildcard](#wildcard)
@ -43,10 +43,11 @@
* [LXC/LXD](#lxclxd)
* [Hijack TMUX session](#hijack-tmux-session)
* [Kernel Exploits](#kernel-exploits)
* [CVE-2016-5195 (DirtyCow)](#CVE-2016-5195-dirtycow)
* [CVE-2010-3904 (RDS)](#[CVE-2010-3904-rds)
* [CVE-2010-4258 (Full Nelson)](#CVE-2010-4258-full-nelson)
* [CVE-2012-0056 (Mempodipper)](#CVE-2012-0056-mempodipper)
* [CVE-2022-0847 (DirtyPipe)](#cve-2022-0847-dirtypipe)
* [CVE-2016-5195 (DirtyCow)](#cve-2016-5195-dirtycow)
* [CVE-2010-3904 (RDS)](#cve-2010-3904-rds)
* [CVE-2010-4258 (Full Nelson)](#cve-2010-4258-full-nelson)
* [CVE-2012-0056 (Mempodipper)](#cve-2012-0056-mempodipper)
## Tools
@ -768,6 +769,14 @@ The following exploits are known to work well, search for more exploits with `se
Another way to find a kernel exploit is to get the specific kernel version and linux distro of the machine by doing `uname -a`
Copy the kernel version and distribution, and search for it in google or in https://www.exploit-db.com/.
### CVE-2022-0847 (DirtyPipe)
Linux Privilege Escalation - Linux Kernel 5.8 < 5.16.11
```
https://www.exploit-db.com/exploits/50808
```
### CVE-2016-5195 (DirtyCow)
Linux Privilege Escalation - Linux Kernel <= 3.19.0-73.8
@ -820,3 +829,4 @@ https://www.exploit-db.com/exploits/18411
* [Linux Password Security with pam_cracklib - Hal Pomeranz, Deer Run Associates](http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html)
* [Local Privilege Escalation Workshop - Slides.pdf - @sagishahar](https://github.com/sagishahar/lpeworkshop/blob/master/Local%20Privilege%20Escalation%20Workshop%20-%20Slides.pdf)
* [SSH Key Predictable PRNG (Authorized_Keys) Process - @weaknetlabs](https://github.com/weaknetlabs/Penetration-Testing-Grimoire/blob/master/Vulnerabilities/SSH/key-exploit.md)
* [The Dirty Pipe Vulnerability](https://dirtypipe.cm4all.com/)