A local root privilege escalation vulnerability was found in Exim,
Debian's default mail transfer agent, in configurations using the
perl_startup option (Only Exim via exim4-daemon-heavy enables Perl
support).
To address the vulnerability, updated Exim versions clean the complete
execution environment by default, affecting Exim and subprocesses suc ...
=============================================
- Advisory release date: 10.03.2016
- Created by: Dawid Golunski
- Severity: High/Critical
=============================================
I. VULNERABILITY
-------------------------
Exim < 4.86.2 Local Root Privilege Escalation Exploit
II. BACKGROUND
-------------------------
"Exim is a me ...
#!/bin/sh
# CVE-2016-1531 exim <= 4.84-3 local root exploit
# ===============================================
# you can write files as root or force a perl module to
# load by manipulating the perl environment and running
# exim with the "perl_startup" argument -ps
#
# e.g.
# [fantastic@localhost tmp]$ ./cve-2016-1531.sh
# [ CVE-2016-1531 lo ...
This Metasploit module exploits a Perl injection vulnerability in Exim versions prior to 4.86.2 given the presence of the "perl_startup" configuration parameter ...
Exim versions prior to 4.86.2 suffer from a local root privilege escalation vulnerability. When an Exim installation has been compiled with Perl support and contains a perl_startup configuration variable, it can be exploited by malicious local attackers to gain root privileges ...
Linux-privilege-escalation-cheatsheet
Cheatsheet for linux privilege escalation
Service exploits
The MySQL service is running as root and the "root" user for the service does not have a password assigned. We can use a popular exploit that takes advantage of User Defined Functions (UDFs) to run system commands as root via the MySQL service.
Change into the /home/user/t
A compilation of important commands, files, and tools used in Pentesting
Offensive Security Tools
Here you will find a useful collection of commands and file resource locations used in Pentesting operations. This reference will go hand in hand with Kali Linux and the OSCP.
This is intended to be viewed in the blog found here: Offensive Security Cheat Sheet
OSINT
osintframework.com/
# Google hacking
www.exploit-db.com/google-
exim4-privesc
Credit to Tib3rius | tryhackme.com/room/linuxprivesc
Find all the SUID/SGID executables on the Debian VM:
find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null
If /usr/sbin/exim-4.84-3 appears in the results, use cve-2016-1531.sh to gain a root shell.