2024-01-22 18:59:57 +05:30
id : privesc-choom
2023-12-13 22:07:24 +07:00
info :
name : choom - Privilege Escalation
author : daffainfo
severity : high
2024-01-22 18:59:57 +05:30
description : |
choom is a command-line utility in Linux that allows users to change the memory limits of a process. It can be used for privilege escalation by manipulating the memory limits of a process to gain elevated privileges.
reference :
- https://gtfobins.github.io/gtfobins/choom/
2023-12-13 22:07:24 +07:00
metadata :
2024-01-29 11:58:34 +00:00
max-request : 3
2023-12-13 22:07:24 +07:00
verified : true
2024-01-31 23:11:31 +05:30
tags : code,linux,choom,privesc,local
2023-12-13 22:07:24 +07:00
self-contained : true
code :
- engine :
- sh
- bash
source : |
2024-01-22 18:59:57 +05:30
whoami
2023-12-13 22:07:24 +07:00
- engine :
- sh
- bash
source : |
2024-01-22 18:59:57 +05:30
choom -n 0 whoami
2023-12-13 22:07:24 +07:00
- engine :
- sh
- bash
source : |
2024-01-22 18:59:57 +05:30
sudo choom -n 0 whoami
2023-12-13 22:07:24 +07:00
matchers-condition : and
matchers :
2024-01-22 18:59:57 +05:30
- type : word
part : code_1_response
words :
- "root"
negative : true
2023-12-13 22:07:24 +07:00
- type : dsl
dsl :
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
2024-01-22 16:20:01 +00:00
condition : or
2024-01-31 17:43:39 +00:00
# digest: 4a0a0047304502203b1238ca7d9be64f51e9162022deaf76b02898053cbb3511377e76228d3d79ef0221008b6aa349a17b0a16a0d0949f1797c8e111d2498185b88fe99c326c60c59167c9:922c64590222798bb761d5b6d8e72950
