Misusing debugfs for In-Memory RCE
In Summary : Debugfs is a simple-to-use RAM-based file system specially designed for kernel debugging purposes. It was released with vers...
https://updatesinfosec.blogspot.com/2018/06/misusing-debugfs-for-in-memory-rce.html
In Summary :
Debugfs is a simple-to-use RAM-based file system specially designed for kernel debugging purposes. It was released with version 2.6.10-rc3 and written by Greg Kroah-Hartman. In this post, I will be showing you how to use debugfs and Netfilter hooks to create a Loadable Kernel Module capable of executing code remotely entirely in RAM. An attacker’s ideal process would be to first gain unprivileged access to the target, perform a local privilege escalation to gain root access, insert the kernel module onto the machine as a method of persistence, and then pivot to the next target. [...]
kindly refer the following link as follow up :
https://ift.tt/2LPG4gi
Debugfs is a simple-to-use RAM-based file system specially designed for kernel debugging purposes. It was released with version 2.6.10-rc3 and written by Greg Kroah-Hartman. In this post, I will be showing you how to use debugfs and Netfilter hooks to create a Loadable Kernel Module capable of executing code remotely entirely in RAM. An attacker’s ideal process would be to first gain unprivileged access to the target, perform a local privilege escalation to gain root access, insert the kernel module onto the machine as a method of persistence, and then pivot to the next target. [...]
kindly refer the following link as follow up :
https://ift.tt/2LPG4gi