Linux kernel ptrace_link privilege escalation
CVE-2019-13272 is a local privilege-escalation vulnerability in the Linux kernel before 5.1.17. The flaw is in ptrace_link in kernel/ptrace.c, which mishandles recording the credentials associated with a process establishing a ptrace relationship. In affected parent-child process scenarios, a parent process can drop privileges and call execve while the kernel incorrectly tracks the ptrace relationship and credentials. The issue is compounded by an object lifetime problem, which can also lead to a kernel panic, and by incorrect marking of a ptrace relationship as privileged. The vulnerability is exploitable via scenarios such as Polkit's pkexec helper used with PTRACE_TRACEME, allowing an unprivileged local attacker to leverage improper privilege inheritance and gain elevated privileges.
Exploits
Five public exploit repositories are listed below; fakes, detection-only scripts, and README-only repositories were filtered out (4 hidden).
This repository contains a local privilege-escalation exploit for Linux kernel versions 4.10 up to 5.1.16, targeting CVE-2019-13272. The exploit is implemented in a single C file (CVE-2019-13272.c) and is accompanied by a README.md that explains the vulnerability and gives usage instructions. It leverages the flaw in the kernel's ptrace credential handling, allowing a local user to gain root by exploiting the interaction between ptrace and SUID binaries (notably pkexec and a set of known helper binaries). The code searches the system for suitable SUID helpers, uses ptrace to manipulate process credentials, and ultimately spawns a root shell (/bin/bash). The README covers the vulnerability background, affected kernel versions, and step-by-step compilation and usage instructions. No network endpoints are involved; all actions are performed locally. The exploit is operational and yields a root shell if the target is vulnerable.
This repository contains a proof-of-concept (PoC) for CVE-2019-13272, a Linux kernel vulnerability related to improper handling of ptrace. It consists of three files: a LICENSE, a README.md, and the main code in poc.c. The C program forks a child process, traces the child with ptrace, and prints the system call numbers the child makes while it executes '/bin/echo'. This PoC demonstrates only the ability to trace system calls, which is one building block of the referenced vulnerability. The README provides compilation and execution instructions along with sample output. No network endpoints are present; the only fingerprintable artifact is the execution of '/bin/echo'. The PoC is local and requires the ability to run code on the target system. It does not provide a full privilege escalation or a weaponized payload.
This repository contains a local privilege-escalation exploit for CVE-2019-13272, targeting Linux kernel versions 4.10 through 5.1.17. The exploit is implemented in a single C file (CVE-2019-13272.c) and leverages the flaw in the kernel's ptrace functionality, specifically in how credentials are handled during ptrace relationships. It searches for known SUID helper binaries (such as pkexec and various desktop-environment helpers) and uses them in conjunction with pkexec to escalate privileges. If successful, it spawns a root shell (/bin/bash). The README provides background on the vulnerability, usage instructions, and references to the original discovery. The exploit is operational and has been tested on multiple Linux distributions. No network endpoints are involved; the attack vector is purely local and requires the attacker to run the exploit on the target system.
This repository contains a local privilege-escalation exploit for CVE-2019-13272, targeting Linux kernel versions 4.10 up to 5.1.16. The exploit is implemented in C (CVE-2019-13272.c) and leverages the kernel ptrace flaw in combination with polkit's pkexec and various SUID helper binaries. It searches the system for known SUID helpers, then uses ptrace and process manipulation to escalate privileges and spawn a root shell (/bin/bash). The README.md provides background on the vulnerability, usage instructions, and references to the original discovery and upstream advisories. The exploit is operational and has been tested on a wide range of Linux distributions and kernel versions. The attack vector is local, requiring the attacker to run the exploit on a vulnerable system. The code is self-contained and needs no framework. The artifacts of interest are the SUID helper binaries and pkexec, which are fingerprintable on target systems.
This repository contains a Python 3 exploit for CVE-2019-13272, a local privilege-escalation vulnerability involving Linux PolicyKit (pkexec). The main file, CVE-2019-13272.py, is a standalone exploit with no external dependencies. It targets vulnerable versions of Ubuntu, Debian, and Fedora with specific kernel versions and an active PolKit agent. The exploit works by manipulating processes and leveraging PolicyKit helpers to escalate privileges; on success it spawns a root shell by executing /bin/bash with UID and GID set to 0. The code checks for the required environment, enumerates available PolicyKit helpers, and uses several system binaries and files during its operation. The README provides additional context, including affected distributions and kernel versions, and notes the requirement for an active PolKit agent. The exploit is operational and yields a root shell if the target is vulnerable.
Recent activity
Seven sources are tracked across advisories, community write-ups, and news; summaries of recent items follow.
A Linux privilege escalation vulnerability caused by improper handling of privilege inheritance.
Linux kernel privilege escalation due to improper handling of privilege inheritance.