2024-01-22 18:59:57 +05:30
id : privesc-choom
2023-12-13 22:07:24 +07:00
info :
name : choom - Privilege Escalation
author : daffainfo
severity : high
2024-01-22 18:59:57 +05:30
description : |
choom is a command-line utility in Linux that allows users to change the memory limits of a process. It can be used for privilege escalation by manipulating the memory limits of a process to gain elevated privileges.
reference :
- https://gtfobins.github.io/gtfobins/choom/
2023-12-13 22:07:24 +07:00
metadata :
verified : true
2024-03-04 08:20:22 +00:00
max-request : 3
2024-01-31 23:11:31 +05:30
tags : code,linux,choom,privesc,local
2023-12-13 22:07:24 +07:00
self-contained : true
code :
- engine :
- sh
- bash
source : |
2024-01-22 18:59:57 +05:30
whoami
2023-12-13 22:07:24 +07:00
- engine :
- sh
- bash
source : |
2024-01-22 18:59:57 +05:30
choom -n 0 whoami
2023-12-13 22:07:24 +07:00
- engine :
- sh
- bash
source : |
2024-01-22 18:59:57 +05:30
sudo choom -n 0 whoami
2023-12-13 22:07:24 +07:00
matchers-condition : and
matchers :
2024-01-22 18:59:57 +05:30
- type : word
part : code_1_response
words :
- "root"
negative : true
2023-12-13 22:07:24 +07:00
- type : dsl
dsl :
- 'contains(code_2_response, "root")'
- 'contains(code_3_response, "root")'
2024-01-22 16:20:01 +00:00
condition : or
2024-12-01 13:57:55 +00:00
# digest: 4a0a00473045022100833eb5a918f652c92c428b4a145d56a977ebe77c462fe2ad15f32d8ccb009933022032f5d3ea80e0145f31ee80aa91f0efb26e3a7a9ba25165ae72d3938d314e597b:922c64590222798bb761d5b6d8e72950
