So-called local root exploits exist above all for older operating systems. They escalate privileges by exploiting a vulnerability in the kernel, such as a buffer overflow or a race condition. As an example, we might have encountered the kernel "3.19.0-15-generic" while collecting information and would then search the internet for known exploits for this kernel version. Offensive Security's Exploit Database Archive (https://www.exploit-db.com/) is one source that is well suited for this purpose. The following Google search yields several hits for exploits that could be used against this kernel:
site:exploit-db.com 3.19 local root exploit
In general, the source code of exploits is almost always written in C and "only" has to be compiled into an executable programme by us. The target system may lack the libraries needed for the build process, in which case we statically build the local root exploit on our attacker machine. Static linking copies the required library code into the executable programme, which increases its portability. For example, we can accomplish this with the following gcc command:
gcc -static ${source file} -o ${executable}
When compiling on our attacker machine, we still have to consider the system architecture of our target system. If the target system is based on an x86 processor (32-bit architecture) and our own system on the 64-bit architecture, we must cross-compile for the 32-bit target:
gcc -m32 ${source file} -o ${executable}
The -m32 switch selects the 32-bit output format (a bare -march=i386 does not do this on a 64-bit gcc) and requires gcc's 32-bit multilib support to be installed on the build machine.
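Whether a compiled binary will run on the target comes down to the two properties discussed above: the ELF class and machine type must match the target's architecture, and a statically linked build carries no PT_INTERP program header asking for the dynamic loader. The following C program is an added example, not part of the original training material: it reads exactly those header fields (the same information that `file` and `readelf -l` report), and the sample headers it builds are constructed in memory to stand in for a binary read from disk.

```c
#include <elf.h>
#include <stdint.h>
#include <string.h>
enum { ELF_BAD = -1, ELF_STATIC = 0, ELF_DYNAMIC = 1 };
/* Report class (32/64), e_machine (EM_386 vs EM_X86_64 for the cases in the text) and
 * whether a PT_INTERP header is present. PT_INTERP names the dynamic loader, so its
 * presence means the binary still needs the target's shared libraries, i.e. it was not
 * linked with -static. Assumes host-endian (little-endian) data, as for x86 binaries. */
int classify_elf(const unsigned char *buf, size_t len, int *bits, uint16_t *machine)
{
    size_t phoff, phentsize; uint16_t phnum;
    if (len < EI_NIDENT || memcmp(buf, ELFMAG, SELFMAG) != 0) return ELF_BAD;
    if (buf[EI_CLASS] == ELFCLASS64) {
        Elf64_Ehdr eh; if (len < sizeof eh) return ELF_BAD; memcpy(&eh, buf, sizeof eh);
        *bits = 64; *machine = eh.e_machine;
        phoff = eh.e_phoff; phentsize = eh.e_phentsize; phnum = eh.e_phnum;
    } else if (buf[EI_CLASS] == ELFCLASS32) {
        Elf32_Ehdr eh; if (len < sizeof eh) return ELF_BAD; memcpy(&eh, buf, sizeof eh);
        *bits = 32; *machine = eh.e_machine;
        phoff = eh.e_phoff; phentsize = eh.e_phentsize; phnum = eh.e_phnum;
    } else return ELF_BAD;
    /* p_type is the first 32-bit field of a program header in both ELF classes */
    for (uint16_t i = 0; i < phnum; i++) {
        uint32_t p_type; size_t off = phoff + (size_t)i * phentsize;
        if (off + sizeof p_type > len) return ELF_BAD;   /* refuse truncated input */
        memcpy(&p_type, buf + off, sizeof p_type);
        if (p_type == PT_INTERP) return ELF_DYNAMIC;
    }
    return ELF_STATIC;
}
/* Constructed sample, not a real binary: one ELF header plus one program header,
 * PT_INTERP when dynamic is set, PT_LOAD otherwise. */
size_t build_sample(unsigned char *out, int bits, int dynamic)
{
    uint32_t p_type = dynamic ? PT_INTERP : PT_LOAD;
    size_t ehsz = bits == 64 ? sizeof(Elf64_Ehdr) : sizeof(Elf32_Ehdr);
    size_t phsz = bits == 64 ? sizeof(Elf64_Phdr) : sizeof(Elf32_Phdr);
    memset(out, 0, ehsz + phsz);
    if (bits == 64) {
        Elf64_Ehdr eh = { .e_type = ET_EXEC, .e_machine = EM_X86_64, .e_phoff = ehsz,
                          .e_phentsize = phsz, .e_phnum = 1 };
        memcpy(eh.e_ident, ELFMAG, SELFMAG); eh.e_ident[EI_CLASS] = ELFCLASS64;
        memcpy(out, &eh, ehsz);
    } else {
        Elf32_Ehdr eh = { .e_type = ET_EXEC, .e_machine = EM_386, .e_phoff = ehsz,
                          .e_phentsize = phsz, .e_phnum = 1 };
        memcpy(eh.e_ident, ELFMAG, SELFMAG); eh.e_ident[EI_CLASS] = ELFCLASS32;
        memcpy(out, &eh, ehsz);
    }
    memcpy(out + ehsz, &p_type, sizeof p_type);  /* p_type is the phdr's first field */
    return ehsz + phsz;
}
```

On a real file, read it into a buffer and pass it to classify_elf; a binary built with -static for the x86 target should come back as 32-bit, EM_386 and ELF_STATIC.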
Last modified: Dec. 15, 2022
Discover the world of penetration testing. Learn how to infiltrate networks and successfully penetrate systems and applications. Acquire the necessary hacking skills and use them when conducting professional penetration tests. Become a real penetration tester. Here you will find the free documents for the Pentest Training of binsec academy GmbH. binsec academy GmbH offers the corresponding security training lab environments and certifications. However, the knowledge and wiki articles on hacking and penetration testing are universal.