Linux Privilege Escalation via snapd using dirty_sock exploit and demonstration of CVE-2019-7304

In January 2019, researchers discovered a privilege escalation vulnerability in default installations of Ubuntu Linux. It was caused by a bug in the snapd API, a service installed by default. Any local user could exploit this vulnerability to obtain immediate root access to the system (Linux Privilege Escalation via snapd, n.d.). In this post, I am going to exploit an affected Ubuntu 16.04 system with the dirty_sock exploit for snapd, which was written by a security researcher. For background, snapd serves a REST API on a local AF_UNIX socket. Access control for restricted API functions is enforced by querying the UID associated with any connection made to that socket. User-controlled socket peer data can be crafted to overwrite a UID variable during string parsing in a for-loop, which allows any user to access any API function.


Walkthrough: Lame (HTB Retired Box)

Hi All, this is my first blog entry, in which I decided to share my written walkthroughs of retired machines on HTB. Frankly speaking, I am in the learning process, and at the end of my development I would like to look back at my progress to check what I have learnt. Additionally, I want to share my knowledge with peers and with anyone who wants to improve themselves.
