module
ifwatchd Privilege Escalation
| Disclosed | Created |
|---|---|
| 03/10/2014 | 03/19/2019 |
Disclosed
03/10/2014
Created
03/19/2019
Description
This module attempts to gain root privileges on QNX 6.4.x and 6.5.x
systems by exploiting the ifwatchd suid executable.
ifwatchd allows users to specify scripts to execute using the '-A'
command line argument; however, it does not drop privileges when
executing user-supplied scripts, resulting in execution of arbitrary
commands as root.
This module has been tested successfully on QNX Neutrino 6.5.0 (x86)
and 6.5.0 SP1 (x86).
systems by exploiting the ifwatchd suid executable.
ifwatchd allows users to specify scripts to execute using the '-A'
command line argument; however, it does not drop privileges when
executing user-supplied scripts, resulting in execution of arbitrary
commands as root.
This module has been tested successfully on QNX Neutrino 6.5.0 (x86)
and 6.5.0 SP1 (x86).
Authors
cenobyteTim Brownbcoles
Platform
Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/qnx/local/ifwatchd_priv_esc
msf /(c) > show actions
...actions...
msf /(c) > set ACTION < action-name >
msf /(c) > show options
...show and set options...
msf /(c) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.