This exploit demonstrates a local privilege escalation (LPE) in OpenTFTP Server v1.66 by replacing the service binary due to insecure file permissions. The attacker compiles a malicious binary to add an admin user and restores the original service binary.
Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target:OpenTFTP Server v1.66
Auth required
Prerequisites:Local access to the system · OpenTFTP Server v1.66 installed with default permissions