Module Request: Linux Local CVE-2016-5195 (dirtycow) #7467
Comments
I got a pentest right now, and am working on the ipv6_tables priv esc, up for grabs!
Just a note for whosoever tries this out. The action is limited to the size of the file, so your overwriting payload should be within the size of the existing file.
Not sure if it's critical info, but it's something where I wasted some time. Don't want another person to waste time on that issue.
If nobody else has time today, I can port it this evening. Currently trying to divine cleanup approach:
I've created a demo for DirtyCow privilege escalation, but it needs more tests.
I see no PRs :(
@jvoisin @wvu-r7 @sempervictus @anantshri @h00die CVE-2016-5195 - DirtyCow privilege escalation.
@kthemis, did you have a valid session before attempting to use dirtycow? You'll need to have a working session on the target before attempting to escalate privilege, and set the module's SESSION option value to that working session number.
@pbarry-r7 Is there any way to get the session ID?
@kthemis: Seems like you don't have a shell. Get one.
@pbarry-r7 If I have a "www-data" shell, what's next?
@kthemis, the msfconsole
Oh, pretty good. But there was a new error~~
@kthemis: See if those files still exist. If they do, delete them. Looks like
There is only one C file in the target directory. @wvu-r7
@kthemis: Maybe you don't have GCC. ¯_(ツ)_/¯
Thanks a lot, I'm just a beginner :). But now I have another error: "Exploit failed: Rex::TimeoutError Operation timed out" @wvu-r7
@kthemis: Is your session still up?
Yes, my session is still up. But when a new session is created, I can't get a meterpreter shell.
CVE-2016-5195 (aka DirtyCow) is an interesting privesc, with a PoC available.
The interesting part is that the exploit is super-reliable, and bypasses everything: grsecurity, selinux, smack, … and it affects kernels since 2.6.22.