Associated vulnerability
Title:
Linux kernel race condition vulnerability
(CVE-2016-5195)
Description: Linux kernel is the kernel of the open-source Linux operating system maintained by the Linux Foundation. A race condition exists in mm/gup.c in Linux kernel 2.x through 4.x before 4.8.3: the memory subsystem mishandles copy-on-write (COW) breakage when a private mapping of a read-only file is written, so a local attacker can write to files they are only allowed to read and thereby gain privileges (this PoC uses it to rewrite /etc/passwd).
Introduction
# dirtycow
This exploit uses the "pokemon" dirtycow exploit as its base and automatically generates a new /etc/passwd line.
The user will be prompted for the new password when the binary is run.
The original /etc/passwd file is first backed up to /tmp/passwd.bak, and the root account's line is then overwritten with the generated one.
After running the exploit you should be able to log in as the newly created user.
To use this exploit, modify the user values in dirty.c according to your needs.
The default user being created is `firefart`.
Original exploit (dirtycow's ptrace_pokedata "pokemon" method):
https://github.com/dirtycow/dirtycow.github.io/blob/master/pokemon.c
Compile with:
```bash
gcc -pthread dirty.c -o dirty -lcrypt
```
Then run the newly created binary by either doing:
```bash
./dirty
```
or
```bash
./dirty my-new-password
```
Afterwards, you can either `su firefart` or `ssh firefart@...`
**DON'T FORGET TO RESTORE YOUR /etc/passwd AFTER RUNNING THE EXPLOIT!**
```bash
mv /tmp/passwd.bak /etc/passwd
```
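The compile, run, and restore steps above leave one gap a practitioner will want closed: while the exploit's line is in place there is no account named `root` at all, and the only way back is the backup the binary wrote to /tmp. The following shell helpers are an added example, not part of firefart's README or dirty.c, that wrap the backup and restore with checks: the backup is verified byte for byte before the exploit is run, the restore refuses a damaged backup, and the presence of the real `root` entry is confirmed afterwards. All function names (`backup_passwd`, `root_intact`, `restore_passwd`, `simulate_exploit`, `rehearse`) are this example's own, every path is a parameter, and the whole sequence is rehearsed on a constructed scratch file with the kernel race replaced by a plain file write, so it can be tried before the real /etc/passwd is touched. It assumes POSIX `awk`, `cmp` and `mktemp` are available.

```sh
# Added example, not part of firefart's README or dirty.c: a backup / verify /
# restore wrapper around the /etc/passwd edit the exploit performs. Every path
# is a parameter, so the whole sequence can be rehearsed on a scratch copy
# (with the exploit step simulated) before the real file is touched.

# backup_passwd SRC DST: copy SRC to DST keeping its mode, then verify the copy
# byte for byte. Do this before running ./dirty, not after.
backup_passwd() {
    cp -p "$1" "$2" && cmp -s "$1" "$2"
}

# root_intact FILE: true only if an account literally named "root" with uid 0
# exists. The exploit replaces that line, so this is false while the
# exploit's line is in place and must be true again after the restore.
root_intact() {
    awk -F: '$1 == "root" && $3 == 0 { ok = 1 } END { exit !ok }' "$1"
}

# restore_passwd BAK DST: refuse to restore from a damaged backup (root line
# present, seven colon-separated fields on every line), then copy it back and
# verify. Same effect as the README's mv, with the sanity checks added.
restore_passwd() {
    root_intact "$1" || return 1
    awk -F: 'NF != 7 { exit 1 }' "$1" || return 1
    cp -p "$1" "$2" && cmp -s "$1" "$2"
}

# simulate_exploit FILE LINE: reproduce the effect of dirty.c (first line of
# the file replaced by LINE) with ordinary file I/O, for rehearsal only; the
# real exploit achieves this through the kernel race, not a normal write.
simulate_exploit() {
    awk -v line="$2" 'NR == 1 { print line; next } { print }' "$1" > "$1.tmp" \
        && mv "$1.tmp" "$1"
}

# rehearse: run the full sequence on a constructed scratch file (not a real
# /etc/passwd; the hash in the injected line is a placeholder, not crypt(3)
# output). Returns 0 only if root disappears after the exploit step and is
# back, byte-identical, after the restore.
rehearse() {
    scratch=$(mktemp) || return 1
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$scratch"
    printf 'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n' >> "$scratch"
    backup_passwd "$scratch" "$scratch.bak" || return 1
    simulate_exploit "$scratch" 'firefart:$6$placeholder$placeholder:0:0:pwned:/root:/bin/bash'
    root_intact "$scratch" && return 1          # root must be gone now
    restore_passwd "$scratch.bak" "$scratch" || return 1
    root_intact "$scratch" || return 1          # and back after the restore
    cmp -s "$scratch" "$scratch.bak" || return 1
    rm -f "$scratch" "$scratch.bak"
}

rehearse && echo "backup/restore rehearsal OK"
```

On the real system the same calls are `backup_passwd /etc/passwd /tmp/passwd.bak` before `./dirty`, and `restore_passwd /tmp/passwd.bak /etc/passwd` afterwards; `root_intact /etc/passwd` is the one-line check that the restore actually worked before the root shell is dropped.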
Exploit adapted by Christian "FireFart" Mehlmauer
https://firefart.at
File snapshot
[4.0K] /data/pocs/403c2390d0c6b4214a15430fb9003328e7bf104a
├── [4.7K] dirty.c
└── [1.1K] README.md
0 directories, 2 files