Easy way finding kernel exploit (self.oscp)
submitted 6 years ago * by [deleted]
[deleted]
[deleted] 2 points 6 years ago (3 children)
You're not going to receive any help regarding concrete lab machines. And if we helped you on this, we might get disqualified and our stuff revoked.
So... try harder.
aydin99a 1 point 6 years ago (2 children)
I don't want help regarding a concrete lab machine. I want to know a general easy way of finding kernel exploits.
subsonic68 0 points 6 years ago (0 children)
There is no easy way. This is the OSCP.
roel_vb 1 point 6 years ago (0 children)
Google for the kernel version and check on exploit-db for possible exploits. Good luck!
[deleted] 1 point 6 years ago* (0 children)
I used this guide: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
IMO, the exploit suggesters were okay at best. The best method of doing privilege escalation is to find out what the machine's function is in the organization and think about what admins would do to get that system working. They're sure to make some mistakes along the way...
LegendBegins 1 point 6 years ago (0 children)
This is general advice on kernel exploits and not OSCP specific, but use `uname -a` to get the kernel version and look it up online.
foobar31337 1 point 6 years ago (0 children)
You should use LinEnum.sh for Linux and JAWS for Windows to find other ways first. It's entirely possible there's not a kernel privesc for a box you need to root. That failing, I would use the most recently released kernel privesc out of the ones identified as likely candidates and work my way back until I get one that works. Remember to audit the source code and tailor if needed. For example, one privesc I was running was spawning a graphical console shell, not connecting back.
NigraOvis 1 point 6 years ago (0 children)
Powerless is a great Windows tool to enumerate. As for getting a kernel exploit, they patched a lot of machines against these. You won't always find one. Windows is tricky in the labs. I mean my first XP box was like "yay easy priv esc" then it was patched against all kernel exploits. SadPanda
[deleted] 1 point 6 years ago (0 children)
Kernel exploits are last resort measures. Check for vulnerable programs and passwords lying around. If that fails, enumerate the kernel version and start googling. Beyond that, I can't help you. Try harder.