Skip to content

Arinerron/CVE-2022-0847-DirtyPipe-Exploit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

.gitignore

.gitignore

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

compile.sh

compile.sh

 
 

exploit.c

exploit.c

 
 

Repository files navigation

What is this

This is Max Kellermann's proof of concept for Dirty Pipe, but modified to overwrite root's password field in /etc/passwd and restore after popping a root shell.

Side Note: I do not claim any credit for finding this vulnerability or writing the proof of concept. This exploit is merely a small modification of Kellermann's proof of concept to enable quick/easy exploitation. Please read the original article on this extremely interesting vulnerability @ https://dirtypipe.cm4all.com/ when you get the opportunity. It really does deserve your time to understand it.

How to use this

  1. Compile with ./compile.sh (assumes gcc is installed)
  2. Run ./exploit and it'll pop a root shell

su: must be run from a terminal

If you get this error message:

  1. Login as root with the password aaron.
  2. Then, restore /etc/passwd by running mv /tmp/passwd.bak /etc/passwd

(oops sorry my laptop battery is dying and my charger broke so I don't have time to fix this the right now, sorry)

About

A root exploit for CVE-2022-0847 (Dirty Pipe)

Resources

Readme

License

GPL-2.0 license
Activity

Stars

1.1k stars

Watchers

17 watching

Forks

219 forks
Report repository

Languages