# Kernel Exploits

Finding and using kernel exploits is usually a simple process:

1. Enumerate the kernel version (`uname -a`).
2. Find matching exploits (Google, ExploitDB, GitHub).
3. Compile and run.

Kernel exploits can often be unstable and may be one-shot or cause a system crash.
Kernel exploits should be a last resort.

```bash
$ uname -a
Linux kali 5.16.0-kali7-amd64 #1 SMP PREEMPT Debian 5.16.18-1kali1 (2022-04-01) x86_64 GNU/Linux
```

In the above example we see that this VM is running kernel version 5.16.0.

We will use searchsploit to find matching exploits. We specifically want Linux kernel exploits matching the kernel version we found, and we only care about exploits concerning privilege escalation.

```bash
$ searchsploit linux kernel 5.16.0 priv esc
------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Exploit Title | Path
------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5) | linux/local/9479.c
Linux Kernel 4.8.0 UDEV < 232 - Local Privilege Escalation | linux/local/41886.c
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe) | linux/local/50808.c
------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
```
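
Matching a version against a searchsploit range by eye is error-prone on Debian-based systems: the release field of `uname -a` carries an ABI name (`5.16.0-kali7`), while the build string carries the package version (`5.16.18-1kali1`). The following is an added example, not part of the original page, that checks both against the DirtyPipe row above; the function names are hypothetical, and the range is read as LOW <= version < HIGH (an assumption about the title's notation).

```bash
# Added example, not from the original page. Range bounds are read from the
# searchsploit title "5.8 < 5.16.11" as LOW <= version < HIGH (assumption).

# Taken from the uname output shown on this page.
SAMPLE_UNAME='Linux kali 5.16.0-kali7-amd64 #1 SMP PREEMPT Debian 5.16.18-1kali1 (2022-04-01) x86_64 GNU/Linux'

# ver_lt A B: succeed when dotted version A is strictly lower than B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# in_range V LOW HIGH: succeed when LOW <= V < HIGH.
in_range() { ! ver_lt "$1" "$2" && ver_lt "$1" "$3"; }

# release_version: numeric prefix of the release field (3rd field of uname -a).
release_version() {
    printf '%s\n' "$1" | awk '{
        if (match($3, /^[0-9]+\.[0-9]+(\.[0-9]+)?/)) print substr($3, RSTART, RLENGTH) }'
}

# package_version: upstream version after the "Debian" token, if present.
package_version() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "Debian" && match($(i + 1), /^[0-9]+\.[0-9]+(\.[0-9]+)?/)) {
                print substr($(i + 1), RSTART, RLENGTH); exit }
    }'
}

# triage UNAME_LINE LOW HIGH: prefer the package version when uname reports one.
triage() {
    rel=$(release_version "$1"); pkg=$(package_version "$1")
    v=${pkg:-$rel}
    if in_range "$v" "$2" "$3"; then echo "in-range $v"
    else echo "out-of-range $v"; fi
}

triage "$SAMPLE_UNAME" 5.8 5.16.11   # DirtyPipe row from the searchsploit output
```

Distribution kernels backport fixes, so a version inside the range is a reason to check the vendor's advisory for that package, not proof that the flaw is present.
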
## Linux Exploit Suggester 2
```bash
$ ./Linux-exploit-suggester-2.pl -k 2.6.32
```

In the above example we are looking for exploits for kernel version 2.6.32, passed with `-k`.