Spawn elevated Pneuma via CVE-2022-0847

Tactic: Privilege-escalation

Community

Compiles and executes a local privilege escalation exploit (CVE-2022-0847) to spawn a root shell and changes the root password to "operator". A pneuma agent is then spawned through a root shell.

View Command

You must be logged in to view this TTPs command.

Login

Authors

vvx7

Tactic

Privilege-escalation

Test this TTP

Download Operator (1.7.1)

Test this TTP using one of our Operator chains

Dirty Pipe CVE-2022-0847

2022-03-14

Allows an attacker to modify arbitrary read-only files.

About PreludePrelude hardens an organization's defenses by continuously “asking” it questions through the form of safe cyberattacks. These attacks respond immediately to the latest vulnerabilities and cyber events, turning complex technical descriptions into deployable “questions”.Our mission is to increase the reach, frequency and usage of advanced security for all organizations.

Follow @preludeorg on Twitter for new chains and more.

Join the Prelude Discord to discuss chains and more.

Keep up to date with code changes and community activity on Github

Prelude.org Careers Tactics & Techniques Attack themes

Privacy Policy support@prelude.org© 2022 Prelude Research, Inc.All rights reserved. Prelude, its logo and other trademarks are trademarks of Prelude Research, Inc. and may not be used without permission.

Spawn elevated Pneuma via CVE-2022-0847

Authors

Tags

Tactic

Test this TTP