snapd 2.37 (Ubuntu) dirty_sock Local Privilege Escalation

Authored by Chris Moberly

This exploit bypasses access control checks to use a restricted API function (POST /v2/snaps) of the local snapd service. This allows the installation of arbitrary snaps. Snaps in "devmode" bypass the sandbox and may include an "install hook" that is run in the context of root at install time. dirty_sockv2 leverages the vulnerability to install an empty "devmode" snap including a hook that adds a new user to the local system. This user will have permissions to execute sudo commands.

As opposed to version one, this does not require the SSH service to be running. It will also work on newer versions of Ubuntu with no Internet connection at all, making it resilient to changes and effective in restricted environments. This exploit should also be effective on non-Ubuntu systems that have installed snapd but that do not support the "create-user" API due to incompatible Linux shell syntax.

Some older Ubuntu systems (like 16.04) may not have the snapd components installed that are required for sideloading. If this is the case, this version of the exploit may trigger it to install those dependencies. During that installation, snapd may upgrade itself to a non-vulnerable version. Testing shows that the exploit is still successful in this scenario.

This is the second of two proofs of concept related to this issue.
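The description above turns on a sideloaded "devmode" snap whose install hook runs as root. As a defender-side audit (an added example, not part of the original advisory or the exploit), the following parses `snap list` output and flags devmode or locally installed snaps, reporting any install hook found under the snap mount directory. The sample listing, the `emptysnap` name and the function names are constructed for illustration, and `/snap` as the mount directory is an assumption that holds on Ubuntu.

```python
"""Flag sideloaded or devmode snaps and any install hook they ship (audit aid)."""
from pathlib import Path

# Constructed sample of `snap list` output; names and versions are made up.
SAMPLE_SNAP_LIST = """\
Name       Version  Rev   Tracking  Publisher   Notes
core       16-2.37  6350  stable    canonical*  core
hello      2.10     38    stable    canonical*  -
emptysnap  0.1      x1    -         -           devmode
"""


def parse_snap_list(text):
    """Parse `snap list` output into dicts keyed by lowercased column names."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].lower().split()
    # maxsplit keeps the final Notes column (e.g. "devmode,disabled") intact.
    return [dict(zip(header, ln.split(None, len(header) - 1))) for ln in lines[1:]]


def audit_snaps(rows, snap_root="/snap"):
    """Return one finding per snap that is devmode or locally sideloaded.

    snap_root is the snap mount directory (/snap on Ubuntu; an assumption
    elsewhere, so pass the right path for the distribution).
    """
    findings = []
    for row in rows:
        notes = {n for n in row.get("notes", "-").split(",") if n != "-"}
        devmode = "devmode" in notes
        sideloaded = row["rev"].startswith("x")  # local installs get x1, x2, ...
        if not (devmode or sideloaded):
            continue
        hook = Path(snap_root, row["name"], row["rev"], "meta", "hooks", "install")
        findings.append({
            "name": row["name"],
            "rev": row["rev"],
            "devmode": devmode,
            "sideloaded": sideloaded,
            "install_hook": str(hook) if hook.is_file() else None,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_snaps(parse_snap_list(SAMPLE_SNAP_LIST)):
        print(finding)
```

On a live host, feed `parse_snap_list` the output of `snap list --all` so disabled revisions are included; a snap that has already been removed will not appear in either check.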