PoC details: 062452b11cebf7200cc20c2e8340267a840e8368

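Source
Related vulnerability
Title: Linux kernel security vulnerability (CVE-2022-0847)
Description: The Linux kernel is the kernel used by Linux, the open-source operating system of the Linux Foundation (USA). The Linux kernel contains a security vulnerability caused by the lack of proper initialization of the "flag" variable of the new pipe buffer structure in the copy_page_to_iter_pipe and push_pipe functions of the Linux kernel. An unprivileged local user can exploit this vulnerability to escalate privileges to root. The following products and versions are affected: Linux Kernel 5.8-5.16.11, 5.8-5.15.25, 5.8-5.10.102.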
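
A defender-side check for the affected ranges listed above, as an added example that is not part of the original page or of the pwncat_dirtypipe project. It classifies a `uname -r` release string, assuming the upper bound of each quoted range is the first fixed release of that stable branch and that 5.17 and later carry the fix; a vendor suffix is reported separately because vendor kernels often backport fixes without changing the upstream version number.

```python
import platform
import re

# Upper bounds of the ranges quoted above, assumed to be the first fixed
# release of each stable branch.
FIRST_FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}
INTRODUCED = (5, 8)        # lower bound of every quoted range
FIXED_MAINLINE = (5, 17)   # assumption: 5.17 and later carry the fix


def dirtypipe_exposure(release):
    """Classify a `uname -r` string for CVE-2022-0847.

    Returns (status, vendor_build). status is 'not-affected', 'affected',
    'fixed' or 'unknown'; vendor_build is True when the string carries a
    suffix (e.g. '-30-generic'), meaning the vendor may have backported the
    fix and the verdict must be confirmed against the vendor advisory.
    """
    release = release.strip()
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        return "unknown", False
    branch = (int(m.group(1)), int(m.group(2)))
    patch = int(m.group(3) or 0)
    vendor_build = m.end() < len(release)

    if branch < INTRODUCED:
        status = "not-affected"
    elif branch >= FIXED_MAINLINE:
        status = "fixed"
    elif branch in FIRST_FIXED:
        status = "fixed" if patch >= FIRST_FIXED[branch] else "affected"
    else:
        # Branch inside 5.8-5.16 with no fixed release listed above.
        status = "affected"
    return status, vendor_build


if __name__ == "__main__":
    status, vendor_build = dirtypipe_exposure(platform.release())
    note = " (vendor kernel: confirm with the vendor advisory)" if vendor_build else ""
    print(f"{platform.release()}: {status}{note}")
```
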
Description
pwncat module that automatically exploits CVE-2022-0847 (dirtypipe)
Introduction
# pwncat_dirtypipe
[![asciicast](https://asciinema.org/a/UGXf1HIBdOU7Hrl4an8dO6HXJ.svg)](https://asciinema.org/a/UGXf1HIBdOU7Hrl4an8dO6HXJ)
pwncat module that automatically exploits CVE-2022-0847 (dirtypipe)
## Introduction
The purpose of this module is to attempt to exploit CVE-2022-0847 (dirtypipe) on a target when using pwncat.

There is no need to set up any directories, compile any source, or even have gcc on the remote target; the dirtypipe module takes care of this automatically using the pwncat framework.

## Setup and Use
- Copy `dirtypipe.py` somewhere on your host where pwncat-cs is installed, e.g. `/home/user/pwncat_mods`
- In pwncat, simply type: `load /home/user/pwncat_mods`
- To confirm the module loaded, type: `search dirtypipe`. You should see something like this:
```
(local) pwncat$ search dirtypipe
                                                      Results                                                      
                   ╷                                                                                               
  Name             │ Description                                                                                   
 ══════════════════╪══════════════════════════════════════════════════════════════════════════════════════════════ 
  dirtypipe        │ Exploit CVE-2022-0847 to local privesc to root via dirtypipe
``` 
- To execute, simply type `run dirtypipe`. If it's successful, you should see the UID change to 0, and you will now be root, e.g.:
```
(local) pwncat$ run dirtypipe

```

## Tips
- If you don't want to always call `load`, you can have pwncat automatically load this module on startup by placing it in `~/.local/share/pwncat/modules`
- To use the cross-compiler to build the exploit on your machine and upload it to the target, you need to set the **cross** variable in your pwncatrc file. This file is typically found at `~/.local/share/pwncat/pwncatrc`, e.g.:
```
# Set the gcc path
set cross "/usr/bin/gcc"
```

## Thanks
A special shout out to [Caleb Stewart](https://github.com/calebstewart/pwncat) for having an awesome framework to build this on top of.  
File snapshot

```
[4.0K] /data/pocs/062452b11cebf7200cc20c2e8340267a840e8368
├── [ 12K] dirtypipe.py
├── [1.0K] LICENSE
└── [2.3K] README.md

0 directories, 3 files
```