Disk Group Privilege Escalation is a complex attack method that targets vulnerabilities or misconfigurations within the disk group management system of Linux environments. Specifically, attackers often focus on disk devices such as /dev/sda, which represents the primary hard drive in Linux systems and typically corresponds to the first SCSI (Small Computer System Interface) disk device. […]
Linux Privilege Escalation: DirtyPipe (CVE-2022-0847)
Max Kellermann discovered the privilege escalation vulnerability DirtyPipe (CVE-2022-0847), which is present in the Linux kernel itself from version 5.8 onward and allows overwriting data in arbitrary read-only files or, in simpler words, lets unprivileged processes inject code into privileged/root processes, thus escalating privilege. The original post with intricate work and details can be […]
Linux Privilege Escalation: PwnKit (CVE-2021-4034)
Team Qualys discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec, known as PwnKit (CVE-2021-4034), which allows low-level users to run commands as privileged users. According to Qualys, the vulnerability exists in the pkexec.c code, which doesn’t handle the calling parameters count correctly and ends up trying to execute environment variables as […]
Linux Privilege Escalation: Polkit (CVE 2021-3560)
According to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a tool in PolicyKit or polkit that allows a user to run a command as a different user. This vulnerability tricks polkit into bypassing the credential checks for D-Bus requests, elevating the […]
Linux Privilege Escalation: Python Library Hijacking
In this article, we will demonstrate another method of escalating privileges on Linux-based devices by exploiting Python libraries and scripts. Table of Content: Introduction; Python Script Creation; Method 1 [Write Permissions]: Vulnerability Creation, Exploitation; Method 2 [Priority Order]: Vulnerability Creation, Exploitation; Method 3 [PYTHONPATH Environment Variable]: Vulnerability Creation, Exploitation; Conclusion. Introduction: In general, whenever […]
Linux Privilege Escalation: Automated Script
In this article, we will shed light on some of the automated Linux privilege escalation scripts that can be used to perform post-exploitation and enumeration after getting initial access on Linux-based devices. Table of Content: Introduction; Privilege Escalation Vectors; Getting Access to Linux Machine; LinPEAS; LinEnum; Bashark; LES: Linux Exploit Suggester; LinuxPrivChecker; Metasploit: […]
Linux Privilege Escalation using Capabilities
In this article, we will discuss the mechanism of “capability” and privilege escalation by abusing it. As we know, the system creates a work context for each user in which they carry out their tasks with the privileges that are assigned to them. So, to provide some specific functionalities, it is necessary for a non-privileged user […]
Linux for Pentester: Perl Privilege Escalation
Here we are again, coming back with one of the very essential commands, i.e., “Perl”. As we know, Perl has its significance in the era of programming languages specially designed for text editing. Apart from all of this, now it is also very prominent for a variety of purposes, including Linux system administration, network programming, […]
SUDO Security Policy Bypass Vulnerability – CVE-2019-14287
After the detection of a major security vulnerability, an immediate security fix was officially released for the ‘sudo’ kit in the Ubuntu repositories. If you are not aware of the power of sudo rights, read the post “Linux Privilege Escalation using Sudo Rights”, which will help you understand more about “CVE-2019-14287”, the latest vulnerability which […]
Docker Privilege Escalation
In our previous article we discussed “Docker Installation & Configuration”, but today you will learn how to escalate to a root shell if Docker is running on the host machine, or I should say, Docker privilege escalation to spawn a root shell. While we know that there is an issue with the docker that all the commands […]