Notes
  • Enumeration
  • Shells
    • Interactive TTY Shell
    • Spawn a Shell
    • Reverse Shells
  • Buffer OverFlow
    • Do Stack Buffer Overflow Good
    • Server-Memc.exe
  • Tools
    • hydra
    • Hashcat
    • SSH tricks
    • Git
    • pspy
    • Impacket-tools
    • Evil-winrm
    • Crackmapexec
    • Empire
    • SQLMap
    • msfvenon
    • Mimikatz
    • Docker
    • Weevely
    • gpp-decrypt
    • PLink.exe
    • john
    • wfuzz
    • Searchsploit
  • Python
    • Useful Libraries
    • Python Tricks
    • Using fstrings Python3
  • PHP
    • Web shells
    • Bypassing Dangerous PHP Functions
    • Exploiting RFI in a PHP application and bypassing remote URL inclusion restrict
    • PHP - LFI and RFI
  • SQL Injection
    • Getting a Shell
    • Enable xp_cmdshell
    • Shell From PHPMyAdmin
  • OpenSSL - CheatSheet
  • Windows
    • TeamViewer Decrypt
    • Commando VM
    • PrivEsc
      • Bypass AppLocker
      • Disable Windows Defender
      • Abusing Services
      • Blogs About Windows
      • Guides
      • Powershell Runas
      • Living Off The Land Binaries and Scripts
      • DLL Injection
      • Common Windows PrivEsc
      • Windows PrivEsc Exploits
      • Abusing Files Permissions
      • Interesting Files
      • File Transfer Methods
      • Bloodhound
      • Potatos and Tokens
        • PrintSpoofer Win10 - Server 2016/2019
      • SessionGopher.ps1
      • Sherlock.ps1
      • Windows - PrivEsc Scripts
        • Windows Exploit Suggester
    • Powershell
    • Anti-Virus Evasion
    • Post-Exploitation
      • Extract Windows Hashes Offline
      • Dumping Domain Password Hashes
    • Vulnerabilities
      • MS15-051
      • MS17-010
      • MS08-067
    • Active Directory
      • Get-DomainSPN Ticket
      • Kerberos
      • Bloodhound
      • DNS Admin to SYSTEM
      • DC Sync Attack
      • Escalating privileges with ACLs in Active Directory
      • How SMB Relay Works
      • Practical Guide to NTLM Relaying
      • Microsoft Exchange – ACL
  • Linux
    • PrivEsc
      • LXE to root
      • MySQL as root
      • Logrotate PrivEsc 3.15.1
      • Guides
      • SSH Tricks
      • Abusing Unix Wildcards
      • Linux - PrivEsc Scripts
    • Kernel Exploits
  • OSCP
    • Resources & Guides
      • WordPress PrivEsc
    • HackTheBox - Writeups
      • HTB - Networked
      • HTB - Cronos
      • HTB - Nibbles
      • HTB - LaCasaDePapel
      • HTB - Sense
      • HTB - October
      • HTB - Brainfuck
      • HTB - Mirai
      • HTB - Blocky
      • HTB - Teacher
      • HTB - Tally
      • HTB - Bank
      • HTB - Jeeves
      • HTB - Silo
      • HTB - Bastard
      • HTB - Legacy
      • HTB - Heist
      • HTB - Active
      • HTB - Bastion
      • HTB - Haystack
      • HTB - Bashed
      • HTB - Blue
      • HTB - Tenten
      • HTB - Artic
      • HTB - Bounty
      • HTB - Jerry
  • CTF
    • TryHackMe Writeups
      • TryHackMe - Tempus Fugit Durius
      • TryHackMe - Jack
    • Tools and Resources
Powered by GitBook
On this page
  1. Linux

Kernel Exploits

PreviousLinux - PrivEsc ScriptsNextResources & Guides

Last updated 5 years ago

Offensive Security

SecWiki

Kernel-exploits - @lucyoa 

# The following exploits are known to work well, 
# search for another exploits using searchsploit -w linux kernel centos.

CVE-2016-5195 (DirtyCow)
Linux Privilege Escalation - Linux Kernel <= 3.19.0-73.8

# make dirtycow stable
echo 0 > /proc/sys/vm/dirty_writeback_centisecs
g++ -Wall -pedantic -O2 -std=c++11 -pthread -o dcow 40847.cpp -lutil
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
https://github.com/evait-security/ClickNRoot/blob/master/1/exploit.c


CVE-2010-3904 (RDS)
Linux RDS Exploit - Linux Kernel <= 2.6.36-rc8
https://www.exploit-db.com/exploits/15285/


CVE-2010-4258 (Full Nelson)
Linux Kernel <= 2.6.37 (RedHat / Ubuntu 10.04)
https://www.exploit-db.com/exploits/15704/


CVE-2012-0056 (Mempodipper)
Linux Kernel 2.6.39 < 3.2.2 (Gentoo / Ubuntu x86/x64)
https://www.exploit-db.com/exploits/18411

Dirty Cow

bin-sploits - @offensive-security
SecWiki on GitHub
lucyoa - GitHub
https://github.com/FireFart/dirtycow/blob/master/dirty.c