Disk Group Privilege Escalation is a complex attack method that targets vulnerabilities or misconfigurations within the disk group management system of Linux environments. Specifically, attackers often focus on disk devices such as /dev/sda, which represents the primary hard drive in Linux systems and typically corresponds to the first SCSI (Small Computer System Interface) disk device. […]
Linux Privilege Escalation: DirtyPipe (CVE 2022-0847)
Max Kellermann discovered the privilege escalation vulnerability DirtyPipe (CVE 2022-0847), which is present in the Linux kernel itself in versions after 5.8 and allows overwriting data in arbitrary read-only files or, in simpler words, lets unprivileged processes inject code into privileged/root processes, thus escalating privileges. The original post with the intricate work and details can be […]
Windows Privilege Escalation: PrintNightmare
The Print Spooler service has been on researchers’ radar ever since the Stuxnet worm used a Print Spooler privilege escalation vulnerability to spread through the network of Iran’s nuclear enrichment centrifuge facility and infected more than 45000 networks. PrintNightmare is the common name given to a Remote Code Execution vulnerability in the Print Spooler service (spoolsv.exe) in Microsoft Windows […]
Windows Privilege Escalation: SpoolFool
Introduction: Oliver Lyak posted a write-up about a Windows Privilege Escalation vulnerability that persisted in Windows systems even after the earlier Print Spooler vulnerabilities CVE-2020-1048 and CVE-2020-1337 had been patched. Oliver was assigned CVE-2022-21999 for this vulnerability and named it “SpoolFool.” In this article, we will discuss the technical details associated with it and […]
Linux Privilege Escalation: PwnKit (CVE 2021-4034)
The Qualys team discovered a local privilege escalation vulnerability in PolicyKit’s (polkit) setuid tool pkexec, known as PwnKit (CVE 2021-4034), which allows low-privileged users to run commands as privileged users. According to Qualys, the vulnerability exists in the pkexec.c code, which does not handle the argument count correctly and ends up trying to execute environment variables as […]
Linux Privilege Escalation: Polkit (CVE 2021-3560)
According to Red Hat, “Polkit stands for PolicyKit which is a framework that provides an authorization API used by privileged programs.” Pkexec is a tool in PolicyKit (polkit) that allows a user to run a command as a different user. This vulnerability tricks polkit into bypassing the credential checks for D-Bus requests, elevating the […]
Windows Privilege Escalation: Kernel Exploit
As this series is dedicated to Windows privilege escalation, I’m writing this post to explain common practice for kernel-mode exploitation. Table of Contents: What is a kernel?; Prerequisites; Hunting a Vulnerable Kernel; Kernel Privilege Escalation Techniques; Kernel Exploit Using Metasploit; Kernel Exploit Using ExploitDB. What is a kernel? A kernel is a computer program that […]
Windows Privilege Escalation: Scheduled Task/Job (T1573.005)
An attacker can abuse the Windows Task Scheduler to schedule malicious programs for initial or recurring execution. For persistence, the attacker typically uses the Task Scheduler to launch applications at system startup or at predefined intervals. Furthermore, the attacker can execute code under the context of a specified account to achieve privilege escalation. Table of Contents […]
Windows Privilege Escalation: HiveNightmare
CVE-2021-36934, also known as SeriousSAM or HiveNightmare, was discovered by Jonas Lykkegaard in July 2021. Due to an ACL misconfiguration in Windows 10 builds after 1809 and in Windows 11, non-admin users are granted read access to the SAM, SYSTEM and SECURITY hive files under the %windir%\system32\config directory. For this to be true, however, the system […]
Windows Privilege Escalation: Logon Autostart Execution (Registry Run Keys)
If an attacker finds a service that has full permissions and is bound to a Registry Run key, they can use it for privilege escalation or persistence. When a legitimate user signs in, the service linked from the registry is executed automatically; this attack is known as Logon Autostart Execution due to Registry […]