Spawn elevated Pneuma via CVE-2021-33909 (Sequoia)
Spawn a beacon using the Sequoia vulnerability identified in CVE-2021-33909. fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an out-of-bounds write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. You need 1 million free inodes available in the directory where you execute the exploit payload. Using the home directory yields the highest probability of success.