Spawn elevated Pneuma via CVE-2022-0847

Compiles and executes a local privilege escalation exploit (CVE-2022-0847) to spawn a root shell and changes the root password to "operator". A pneuma agent is then spawned through a root shell.
View Command

You must be logged in to view this TTPs command.


Test this TTP

Download Operator (1.7.1)
Test this TTP using one of our Operator chains
Dirty Pipe CVE-2022-0847


Allows an attacker to modify arbitrary read-only files.