Nineveh_Chkrootkit

chkrootkit

---

pspy discovered that the system-wide cronjob was a bash script executing chkrootkit

Version Enumeration

---

I haven’t enumerated the running instance of Chkrootkit on the target system

I found the GitHub Repo for the program. It appears to be open source. The latest release is 0.53

amrois@nineveh:/report$ apt list | grep -i 'chkrootkit'
 
chkrootkit/xenial 0.50-3.2 amd64

I was able to get the version out via apt It’s 0.50-3.2

Exploit

---

┌──(kali㉿kali)-[~/archive/htb/labs/nineveh]
└─$ searchsploit chkrootkit
--------------------------------------------------------- ---------------------------------
 Exploit Title                                           |  Path
--------------------------------------------------------- ---------------------------------
Chkrootkit - Local Privilege Escalation (Metasploit)     | linux/local/38775.rb
Chkrootkit 0.49 - Local Privilege Escalation             | linux/local/33899.txt
--------------------------------------------------------- ---------------------------------
shellcodes: No Results
papers: No Results

I look it up locally on Kali. There is an LPE exploit for Chkrookit version 0.49

I will look more in to that.