🙌
Writeups
LearningLinkedIn
  • The Great Escape
  • Lookback
  • Outlook NTLM Leak
  • Year of the Fox
  • PS Eclipse
  • Eavesdropper
  • Tony the Tiger
  • Intro to Offensive Security
  • MD2PDF
  • Content Security Policy
  • Agent T
  • Introduction to Flask
  • Atlas
  • Bugged
  • Sigma
  • Intro to Cloud Security
  • Holo
  • CCT2019
  • Opacity
  • Empline
  • Phishing Emails 5
  • BlueTeam
  • Tempest
  • hackerNote
  • Watcher
  • CMesS
  • HA Joker CTF
  • OWASP Top 10 2021
  • Metasploit
  • Oh My WebServer
  • Road
  • Anonymous
  • Ollie
  • Training for New Analyst
  • Tokyo Ghoul
  • Dependency Management
  • KoTH Food CTF
  • Android Malware Analysis
  • Intro To Pwntools
  • AD Certificate Templates
  • CVE 2022 26923
  • Basic Static Analysis
  • Introduction To Honeypots
  • Intro to Pipeline Automation
  • Intro to Containerisation
  • ARP Spoofing
  • Mindgames
  • Brute Force Heroes
  • SQLMAP
  • Insekube
  • TakeOver
  • Boiler CTF
  • GoldenEye
  • Splunk 3
  • Tempus Fugit Durius
  • Warzone 1
  • OWASP API Security Top 10 2
  • Temple
  • AllSignsPoint2Pwnage
  • OWASP API Security Top 10 1
  • Secret Recipe
  • NoNameCTF
  • Binex
  • Jack
  • Tactical Detection
  • Jurassic Park
  • DX1 Liberty Island
  • Brute
  • Biblioteca
  • Napping
  • Kubernetes for Everyone
  • 0day
  • Osiris
  • Set
  • NoSQL injection Basics
  • Warzone 2
  • Atlassian, CVE 2022 26134
  • Jason
  • VulnNet: Roasted
  • VulnNet Internal
  • VulnNet Node
  • Brooklyn Nine Nine
  • Thompson
  • The Cod Caper
  • Neighbour
  • ColddBox Easy
  • Library
  • All in One
  • Poster
  • Gallery
  • Cat Pictures
  • Boogeyman 1
  • Corridor
  • Team
  • Ra 2
  • Advent of Cyber 2022
  • Bookstore
  • Intro to Malware Analysis
  • TheHive Project
  • Velociraptor
  • KAPE
  • Lunizz CTF
  • Linux Forensics
  • DFIR An Introduction
  • Benign
  • Cyborg
  • Year of the rabbit
  • Blaster
  • Easy Peasy
  • Couch
  • Chocolate Factory
  • REmux The Tmux
  • Spring4Shell
  • Dirty Pipe
  • OverlayFS
  • Pwnkit
  • CTF collection Vol.2
  • Gotta Catch'em All!
  • Break Out The Cage
  • Bolt
  • Source
  • AttackerKB
  • Intro to Defensive Security
  • Careers in Cyber
  • OSI Model
  • Packets&Frames
  • Extending Your Network
  • How websites work
  • Putting it all together
  • Operating System Security
  • Network Security
  • Security Operations
  • Network Services
  • Network Services 2
  • Active Directory Basics
  • Attacking Kerberos
  • Subdomain Enumeration
  • Authentication Bypass
  • IDOR
  • File Inclusion
  • Masterminds
  • SSRF
  • Command Injection
  • Cross site Scripting
  • Burp Suite Extender
  • Burp Suite Intruder
  • Surfer
  • Willow
  • Conti
  • Unattended
  • Tardigrade
Powered by GitBook
On this page

Was this helpful?

OverlayFS

PreviousDirty PipeNextPwnkit

Last updated 2 years ago

Was this helpful?

It's often used by live USBs, or some other specialist applications. One use is having a read only root file system, and another partition "overlayed" with that to allow applications to write to a temporary file system.

This vulnerability is particularly serious, as overlayfs is a kernel module that is installed by default on Ubuntu 1804 Server. If the system is vulnerable, you can very easily escalate from any user to root, as long as you can run a binary. If there isn't a C compiler installed on the machine, you can compile the binary statically elsewhere and copy just the binary over.

ssh

==overlya:tryhackme123==

uname -a
nano exploit.c
gcc exploit.c -o exploit
./exploit
id
cat /root/flag.txt

==thm{27aaa5865a52dcd4cb04c0e0a2d39404}==

[[Dirty Pipe]]

SSD-Disclosure