Chains
TTPs
Blog
Login
Prelude chain browser
eBPF CVE-2021-3490
The eBPF chain first performs a kernel version check to establish if the exploit will launch in the environment. If the kernel version is vulnerable, it then ingresses the exploit payload, launching a privileged Pneuma agent.
2021-11-09
Professional
This is a professional attack chain. A professional subscription automatically gives you access to this chain + 50 more, with direct integration inside of Operator.
Authors:
xanthonus, chompie1337, _manfp
Execute this chain
Download Operator (1.7.1)
Learn about Operator
TTPs
Compare linux kernel versions
Get linux kernel version
Spawn elevated Pneuma via CVE-2021-3490 (eBPF)
Tactics
Discovery
Privilege-escalation
User-Set Custom Variables
exploitable.version: 5.11.0-17