mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-05-04 02:36:07 +02:00
Merge pull request #510 from MarwanNour/patch-1
Added DirtyPipe to kernel exploits
This commit is contained in:
Swissky
commit
b9e847decb
GPG Key ID:
4AEE18F83AFDEB23
|
|
@ -6,7 +6,7 @@
|
|||
* [Checklist](#checklists)
|
||||
* [Looting for passwords](#looting-for-passwords)
|
||||
* [Files containing passwords](#files-containing-passwords)
|
||||
* [Old passwords in /etc/security/opasswd](#old-passwords-in--etc-security-opasswd)
|
||||
* [Old passwords in /etc/security/opasswd](#old-passwords-in-etcsecurityopasswd)
|
||||
* [Last edited files](#last-edited-files)
|
||||
* [In memory passwords](#in-memory-passwords)
|
||||
* [Find sensitive files](#find-sensitive-files)
|
||||
|
|
@ -27,7 +27,7 @@
|
|||
* [NOPASSWD](#nopasswd)
|
||||
* [LD_PRELOAD and NOPASSWD](#ld_preload-and-nopasswd)
|
||||
* [Doas](#doas)
|
||||
* [sudo_inject](#sudo-inject)
|
||||
* [sudo_inject](#sudo_inject)
|
||||
* [CVE-2019-14287](#cve-2019-14287)
|
||||
* [GTFOBins](#gtfobins)
|
||||
* [Wildcard](#wildcard)
|
||||
|
|
@ -43,10 +43,11 @@
|
|||
* [LXC/LXD](#lxclxd)
|
||||
* [Hijack TMUX session](#hijack-tmux-session)
|
||||
* [Kernel Exploits](#kernel-exploits)
|
||||
* [CVE-2016-5195 (DirtyCow)](#CVE-2016-5195-dirtycow)
|
||||
* [CVE-2010-3904 (RDS)](#[CVE-2010-3904-rds)
|
||||
* [CVE-2010-4258 (Full Nelson)](#CVE-2010-4258-full-nelson)
|
||||
* [CVE-2012-0056 (Mempodipper)](#CVE-2012-0056-mempodipper)
|
||||
* [CVE-2022-0847 (DirtyPipe)](#cve-2022-0847-dirtypipe)
|
||||
* [CVE-2016-5195 (DirtyCow)](#cve-2016-5195-dirtycow)
|
||||
* [CVE-2010-3904 (RDS)](#cve-2010-3904-rds)
|
||||
* [CVE-2010-4258 (Full Nelson)](#cve-2010-4258-full-nelson)
|
||||
* [CVE-2012-0056 (Mempodipper)](#cve-2012-0056-mempodipper)
|
||||
|
||||
|
||||
## Tools
|
||||
|
|
@ -768,6 +769,14 @@ The following exploits are known to work well, search for more exploits with `se
|
|||
Another way to find a kernel exploit is to get the specific kernel version and linux distro of the machine by doing `uname -a`
|
||||
Copy the kernel version and distribution, and search for it in google or in https://www.exploit-db.com/.
|
||||
|
||||
### CVE-2022-0847 (DirtyPipe)
|
||||
|
||||
Linux Privilege Escalation - Linux Kernel 5.8 < 5.16.11
|
||||
|
||||
```
|
||||
https://www.exploit-db.com/exploits/50808
|
||||
```
|
||||
|
||||
### CVE-2016-5195 (DirtyCow)
|
||||
|
||||
Linux Privilege Escalation - Linux Kernel <= 3.19.0-73.8
|
||||
|
|
@ -820,3 +829,4 @@ https://www.exploit-db.com/exploits/18411
|
|||
* [Linux Password Security with pam_cracklib - Hal Pomeranz, Deer Run Associates](http://www.deer-run.com/~hal/sysadmin/pam_cracklib.html)
|
||||
* [Local Privilege Escalation Workshop - Slides.pdf - @sagishahar](https://github.com/sagishahar/lpeworkshop/blob/master/Local%20Privilege%20Escalation%20Workshop%20-%20Slides.pdf)
|
||||
* [SSH Key Predictable PRNG (Authorized_Keys) Process - @weaknetlabs](https://github.com/weaknetlabs/Penetration-Testing-Grimoire/blob/master/Vulnerabilities/SSH/key-exploit.md)
|
||||
* [The Dirty Pipe Vulnerability](https://dirtypipe.cm4all.com/)
|
||||
|
|
|
|||
Loading…
Reference in New Issue