1 of 7

Laocoön

Automated Linux Privilege Escalation via Kernel Exploitation

2 of 7

Goals

Penetration Testing
Vulnhubs

3 of 7

How it Works

Searchsploit
Download exploits to target's machine
Run exploits and check if root

4 of 7

5 of 7

Build Process

Create a cohesive script from existing APIs
Python 3 and Bash
Challenges

Outdated software on the target machine
Had to figure out alternate ways to send payload through sockets
Could not decode base64 on the machine
Hex could be decoded with "echo -e <hex>| cat" on the target machine.

We used preexisting tools and parsed and combined their functionalities to create one cohesive script that automates the entire process. The program was built with Python 3 and a variety of Bash and Python commands that are sent to the victim's machine.

The machine that we attacked for testing has lots of outdated software which made it difficult to find ways to execute certain commands on the system. There were many commands that did not exist, or were not new enough to work properly.

We also had lots of problems sending the script to the machine that was responsible for compiling and running the exploits. This python script could not be sent directly through sockets because of it's formatting and we could not use a tool like `wget` to download it from a webserver, so we had to figure out a way to send it in another format.

We first tried encoding the script in base64, but the machine did not have any way to decode it. We found that if we encoded the data in hex, we could decode it using `echo -e <hex>| cat`.

6 of 7

What's Next?

Implement automation for other privilege escalation vectors
Refine the search for exploits more to reduce runtime

7 of 7

Questions?