Dirty Pipe
Dirty Pipe is a Linux kernel local privilege escalation vulnerability caused by improper initialization of the pipe_buffer.flags field in the copy_page_to_iter_pipe() and push_pipe() code paths. Because the flags member of newly allocated pipe buffers could retain stale values, an attacker could create pipe buffer states that permit writes into page-cache-backed file data that should be read-only. By splicing data through pipes into the page cache of readable files, an unprivileged local user can overwrite cached contents of files even when the underlying file is not writable, is immutable, or resides on a read-only mount. Public exploitation examples include modifying /etc/passwd or corrupting SUID binaries such as /usr/bin/su to obtain root privileges.
Exploits
36 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (16 hidden).
This repository is a small standalone local privilege-escalation exploit project centered on a single C source file, src/exp.c. The surrounding files are minimal build and packaging infrastructure: a Makefile for static compilation, a GitHub Actions workflow that cross-compiles release binaries for x86_64, i386, aarch64, and armv7 using glibc and musl, and a README describing the exploit as a precompiled Dirty Pipe package. The actual exploit is a modified Dirty Pipe (CVE-2022-0847) proof of concept. Instead of being a generic arbitrary-file overwrite demo, it is weaponized for privilege escalation on Linux. It hardcodes /etc/passwd as the target, backs it up to /tmp/passwd.bak, and uses the Dirty Pipe page-cache overwrite primitive to replace the root account entry beginning at offset 4 with a crafted passwd line containing a known MD5-crypt password hash for the password 'aaron'. After the overwrite, it runs /bin/sh with a command that pipes the password into su to become root, restores the original /etc/passwd from the backup, and then drops into a root shell.
Exploit flow in src/exp.c: prepare a pipe with PIPE_BUF_FLAG_CAN_MERGE set on stale pipe_buffer structures; open /etc/passwd read-only; validate offset and page-boundary constraints required by Dirty Pipe; splice one byte before the target offset into the pipe to attach the page cache page; write attacker-controlled data into the pipe so it merges into the page cache; then execute a shell command to authenticate as root and restore the file. There is no network communication, no C2, and no remote target logic. This is strictly a local exploit for vulnerable Linux systems.
Notable operational characteristics: the payload is hardcoded, the target file path is hardcoded, the root password is hardcoded, and success depends on the passwd file layout matching the expected root entry format. Because it includes a complete privilege-escalation chain and interactive shell step, it is more than a bare POC, but it is not a reusable framework module.
Repository purpose: proof-of-concept reproducer/detector for CVE-2022-0847 (Dirty Pipe) using two approaches: (1) a minimized C PoC that directly attempts the known pipe+splice sequence against a hardcoded file, and (2) a Rust “naive detector and reproducer” that generates syscall programs from constrained building blocks and performs differential testing by comparing a simplified model (“fake kernel”) to the real kernel behavior. Key exploit capability: local file page-cache overwrite without write permissions by preparing a pipe (fill+drain to set pipe buffer flags), splicing 1 byte from a read-only file into the pipe, then writing attacker-controlled bytes into the pipe to overwrite the file’s cached contents. In this repo, the overwrite is demonstrated on /etc/passwd.
Repository structure:
- README.md: explains the differential-testing approach, shows example execution over SSH into a QEMU VM, and demonstrates /etc/passwd corruption when the bug is found.
- build-kernel-and-minimal-poc/: tooling to build a vulnerable Linux kernel (5.16.10), create a Debian (trixie) disk image, compile a static minimal PoC, and run QEMU with SSH port forwarding.
- build-kernel.sh: downloads and builds Linux 5.16.10 with many debug/fuzzing-friendly configs.
- build-diskimage.sh: fetches Syzkaller’s create-image.sh to build a VM image.
- poc-min.c: minimized Dirty Pipe PoC/detector; warns to run unprivileged; permanently modifies /etc/passwd if vulnerable.
- run.sh: launches qemu-system-x86_64 with hostfwd tcp:127.0.0.1:10021->:22.
- reproducer/: Rust project that generates programs (Open/ReadAll/WriteAll/Pipe/SpliceAll) and runs them step-by-step against both a model (fake.rs) and the real kernel (real.rs via raw syscalls). Any divergence triggers an assertion/panic, effectively “finding” the bug.
Notable implementation details:
- The Rust model includes many “MAGIC VALUE” constraints (hardcoded /etc/passwd contents, fixed splice length=1, fixed open flags O_RDONLY, pipe capacity assumptions) to make discovery of the minimal triggering sequence feasible without advanced fuzzing.
- The real executor uses direct syscalls: open(2), pipe(22), read(0), write(1), splice(275) on x86_64.
Overall: this is a local-kernel vulnerability reproducer with a built-in environment to compile/run a vulnerable kernel in QEMU and demonstrate the Dirty Pipe overwrite primitive; it is not a remote exploit and does not implement a full privilege escalation chain beyond corrupting a target file.
This repository provides a local privilege escalation exploit for the Linux Dirty Pipe vulnerability (CVE-2022-0847). The main entry point is the Bash script 'Dirty-Pipe.sh', which automates the exploitation process. The script generates and compiles a C proof-of-concept exploit (exp.c) that leverages the Dirty Pipe vulnerability to overwrite arbitrary file contents in the page cache, even on read-only or immutable files. The exploit specifically targets '/etc/passwd', modifying the root user's password field to be empty, thus enabling passwordless root access. The script also creates a backup of the original '/etc/passwd' at '/tmp/passwd_backup' and provides instructions for restoring it. The exploit requires local shell access, a vulnerable Linux kernel (5.8 or later), and the ability to compile C code. The repository contains two files: the exploit script and a README with usage instructions and background information.
This repository contains a local privilege escalation exploit for CVE-2022-0847 (Dirty Pipe) affecting vulnerable Linux kernels. The exploit is implemented in C (cve-2022-0847.c) and is designed to overwrite the /etc/passwd file, specifically modifying the root account entry to remove its password. This allows an attacker with local access to gain passwordless root access. The exploit works by abusing the Dirty Pipe vulnerability to write arbitrary data into the /etc/passwd file, replacing the root entry with one that has no password. The repository includes a README.md with usage instructions and a brief explanation of the exploit's purpose. No network endpoints are involved; the attack vector is purely local, targeting the file system. The exploit is operational and provides a direct method to escalate privileges on affected systems.
This repository is a Rust implementation of the DirtyPipe (CVE-2022-0847) local privilege escalation exploit for Linux. The exploit allows a local attacker to overwrite arbitrary files, including SUID binaries, by abusing a flaw in the Linux kernel's pipe buffer handling. The main entry point is 'src/main.rs', which parses command-line arguments to select between two modes: 'overwrite' (arbitrary file overwrite) and 'suid' (privilege escalation by overwriting a SUID binary, defaulting to /usr/bin/passwd). The exploit checks the kernel version for vulnerability, backs up the target file to /tmp, and then uses a pipe-based technique to overwrite the file at a specified offset. For privilege escalation, a custom SUID payload is generated using 'gen_suid.py' (Python, pwntools) and 'loader.asm' (assembly), which creates a minimal ELF binary that spawns a root shell. The repository is well-structured, with clear separation between exploit logic, helpers, and payload generation scripts. No network endpoints are present; all actions are performed locally on the target system.
This repository contains a proof-of-concept (PoC) exploit for the Dirty Pipe vulnerability (CVE-2022-0847), which affects Linux kernel versions 5.8 through 5.16. The main exploit code is in 'dirtypipe.c', a C program that demonstrates local privilege escalation by exploiting improper handling of pipe buffer flags in the Linux kernel. The exploit works by targeting a SUID binary, overwriting its contents with custom ELF shellcode that spawns a root shell, executing the hijacked binary to gain root privileges, and then restoring the original binary to avoid detection. The exploit includes anti-debugging features by checking '/proc/self/status' and using ptrace to detect debuggers. The README.md provides detailed instructions, prerequisites, and a step-by-step explanation of the exploit flow. The only code file is 'dirtypipe.c', and the repository is structured with a README, LICENSE, and the exploit source code. No network endpoints are involved; the attack vector is purely local, requiring the attacker to have code execution on a vulnerable Linux system.
This repository contains a proof-of-concept exploit for the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux kernel. The exploit is written in C (exploit.c) and is accompanied by a shell script (compile.sh) for compilation and a README.md with usage instructions. The exploit works by abusing the Dirty Pipe vulnerability to overwrite the root user's password hash in /etc/passwd, setting it to a known value. It first backs up the original /etc/passwd to /tmp/passwd.bak, performs the overwrite, and then spawns a root shell. After gaining root access, it restores the original /etc/passwd file. The attack vector is local privilege escalation, requiring local access to the vulnerable system. The main fingerprintable endpoints are the /etc/passwd and /tmp/passwd.bak files, as well as the use of /bin/sh for shell access. The exploit is operational and provides a working privilege escalation path on unpatched Linux systems vulnerable to Dirty Pipe.
This repository contains a proof-of-concept (PoC) exploit for CVE-2022-0847, also known as 'Dirty Pipe', a local privilege escalation vulnerability in the Linux kernel (versions 5.8 and later, except for patched versions 5.16.11, 5.15.25, and 5.10.102). The repository consists of a detailed README.md explaining the vulnerability, exploitation steps, and mitigation, and a single C source file (exp.c) implementing the exploit. The exploit works by abusing uninitialized flags in the Linux pipe buffer, allowing an unprivileged local user to overwrite arbitrary data in the page cache of read-only files. This can be used to modify critical files such as /etc/passwd or /root/.ssh/authorized_keys, enabling privilege escalation or persistence. The exploit requires the attacker to specify the target file, offset, and data to write, and is subject to page boundary limitations. The code is a standalone PoC and does not belong to any exploit framework.
This repository contains a local privilege escalation exploit for the Linux kernel vulnerability CVE-2022-0847, also known as 'Dirty Pipe'. The exploit is implemented in C (exploit.c) and is accompanied by a README.md with usage instructions and background information. The exploit works by abusing a flaw in the Linux kernel's pipe buffer handling to overwrite the contents of a SUID binary (such as /bin/passwd) with a small embedded ELF payload. This payload, when executed, creates a SUID root shell at /tmp/sh, which is then executed to provide the attacker with a root shell. After execution, the exploit attempts to restore the original SUID binary. The exploit targets Linux kernel versions 5.8 and later, up to the fixed versions (5.16.11, 5.15.25, 5.10.102). The attack vector is local, requiring the attacker to have access to the target system. The main fingerprintable endpoints are the file paths /tmp/sh (where the root shell is dropped) and /bin/sh (executed by the payload). The repository is structured simply, with one exploit source file and a README.
This repository contains a proof-of-concept exploit for the Dirty Pipe vulnerability (CVE-2022-0847) affecting Linux kernel versions 5.8 and later. The exploit is implemented as a Bash script (Exploit.sh) that generates and compiles a C program (exp.c). The C program leverages the Dirty Pipe bug to overwrite arbitrary file contents in the page cache, even if the file is read-only, immutable, or on a read-only mount. The script demonstrates exploitation by targeting /etc/passwd, allowing an unprivileged user to modify the root password entry and escalate privileges to root. The script also backs up the original /etc/passwd to /tmp/passwd and provides instructions to restore it. The exploit requires local code execution on a vulnerable Linux system. The repository structure is simple, consisting of the main exploit script and a README describing the vulnerability and its impact.
This repository contains a C implementation of the Dirty Pipe exploit (CVE-2022-0847) targeting the Linux kernel. The main file, dpipe.c, is a modular and user-friendly exploit that allows local privilege escalation by overwriting arbitrary files, most notably /etc/passwd, to set the root password to a known value ('el3ph@nt!'). The exploit can also be used to overwrite arbitrary files at a specified offset, provided the attacker has local access. The exploit first creates a backup of the target file (e.g., /etc/passwd to /tmp/passwd.bak), then uses the Dirty Pipe vulnerability to overwrite file contents without proper permissions. The README provides detailed usage instructions and demonstrates both privilege escalation and arbitrary file overwrite. The code is operational and ready for use on vulnerable Linux systems. No network endpoints are hardcoded, but the README suggests downloading the compiled binary via HTTP for deployment. The attack vector is local, requiring code execution on the target system.
This repository contains a proof-of-concept exploit for the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux kernel (5.8 and later, before patch). The main exploit is implemented in 'exploit.c', which demonstrates how to overwrite arbitrary file contents in the page cache, even for files that are read-only or immutable. The exploit specifically targets '/etc/passwd', overwriting the root user's password field to a known value ('aaron'), thereby allowing the attacker to gain root access via 'su'. The exploit also backs up the original '/etc/passwd' to '/tmp/passwd.bak' and restores it after exploitation. The repository includes a shell script ('compile.sh') for compiling the exploit, a README with usage instructions, and standard license and gitignore files. The attack vector is local privilege escalation, requiring the attacker to execute the exploit on a vulnerable system. The exploit is operational, providing a working payload and restoration mechanism.
This repository contains two operational local privilege escalation exploits for the Linux Dirty Pipe vulnerability (CVE-2022-0847). The structure includes two C source files (exploit-1.c and exploit-2.c), a bash compilation script (compile.sh), and a detailed README.md.
- exploit-1.c overwrites /etc/passwd to set the root password to 'piped', spawns a root shell, and restores the original passwd file after use. It backs up the original /etc/passwd to /tmp/passwd.bak.
- exploit-2.c hijacks a specified SUID root binary (e.g., /usr/bin/sudo) by injecting a small SUID ELF payload that drops a root shell at /tmp/sh, then attempts to restore the original binary.
Both exploits require local access and a vulnerable Linux kernel (5.8+ up to patched versions). The repository is well-documented and provides both the exploit code and usage instructions. No network endpoints are involved; all actions are performed locally on the target system. The exploits are operational and provide a root shell upon successful execution.
This repository contains a proof-of-concept exploit for the Dirty Pipe vulnerability (CVE-2022-0847) affecting Linux kernel versions 5.8 through 5.10.101, 5.15.24, and 5.16.10. The exploit is implemented in C (dirtypipe.c) and demonstrates a local privilege escalation attack. It works by overwriting a SUID binary (default: /usr/bin/su) with a custom ELF payload that spawns a root shell at /tmp/sh. After execution, the exploit restores the original SUID binary to minimize detection. The README provides background on the vulnerability and mitigation steps. The exploit requires local access and the ability to execute binaries, and is operational with a hardcoded payload. No network endpoints are involved; the attack vector is purely local file system manipulation.
This repository contains a proof-of-concept (POC) exploit for the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux kernel. The exploit is implemented in C (exp.c) and demonstrates how an unprivileged local user can overwrite arbitrary file contents in the page cache, even for files that are read-only, immutable, or on a read-only mount. The README.md provides background, usage instructions, and references. The exploit works by manipulating pipe buffer flags and using splice and write syscalls to inject arbitrary data into a target file at a specified offset, with limitations on page boundaries. The main use case is privilege escalation, such as modifying /etc/passwd to add a new root user. The exploit targets Linux kernel versions 5.8 and later, prior to the fixed versions (5.16.11, 5.15.25, 5.10.102).
This repository provides a proof-of-concept (PoC) exploit for the Dirty Pipe vulnerability (CVE-2022-0847) in Linux kernels 5.8 and later. The main file, Dirty-Pipe.sh, is a Bash script that generates a C source file (exp.c) containing the exploit code, compiles it, and then uses it to overwrite arbitrary file contents in the page cache. The script specifically targets /etc/passwd, backing it up to /tmp/passwd, and then modifies the root user's entry to allow privilege escalation. The exploit demonstrates the ability to write to files that are otherwise read-only or immutable, leveraging a flaw in the pipe buffer flags. The repository includes a README with usage instructions and environment details. The exploit is operational and demonstrates local privilege escalation on vulnerable Linux systems.
This repository contains a proof-of-concept (PoC) exploit for the Dirty Pipe vulnerability (CVE-2022-0847) affecting Linux kernel 5.8 and later. The exploit is implemented in a single C file (dirtypipez.c) and is designed to be compiled and run locally by an unprivileged user. It works by exploiting a flaw in the Linux kernel's pipe buffer handling, allowing the attacker to overwrite arbitrary read-only files in the page cache. The exploit specifically targets a SUID binary (such as /bin/su), overwriting its contents with a small embedded ELF payload that, when executed, drops a SUID root shell at /tmp/sh. The exploit then restores the original SUID binary and spawns a root shell for the attacker. The README.md provides background on the vulnerability, usage instructions, and credits. The exploit does not require network access and is purely local privilege escalation. The main fingerprintable endpoints are the SUID binary targeted (e.g., /bin/su), the dropped shell at /tmp/sh, and the use of /bin/sh for root shell access.
This repository contains a Python proof-of-concept exploit for CVE-2022-0847, also known as the 'Dirty Pipe' vulnerability in the Linux kernel. The exploit is implemented in 'poc.py' and is designed to escalate privileges by adding the current user to the 'sudo' group in the '/etc/group' file. The exploit works by abusing the Dirty Pipe vulnerability to overwrite arbitrary data in the '/etc/group' file, specifically modifying the sudo group entry. Before making changes, the script creates a backup of '/etc/group' at '/tmp/group_backup'. The exploit requires Python 3.10 due to its use of the 'os.splice' system call. The attack vector is local privilege escalation, and the exploit is operational, providing a working method to gain root privileges on vulnerable Linux systems. The repository structure is simple, consisting of a README.md with usage instructions and a single exploit script (poc.py).
This repository contains a proof-of-concept exploit for CVE-2022-0847 (Dirty Pipe), a vulnerability in the Linux kernel (5.8 and later) that allows local attackers to overwrite arbitrary file contents in the page cache, even for files that are read-only, immutable, or on a read-only mount. The exploit is implemented in C (exploit.c) and takes three arguments: a target file path, an offset, and the data to write. The README provides usage instructions and demonstrates privilege escalation by overwriting /etc/passwd. The exploit requires local code execution on a vulnerable Linux system. No network endpoints are involved; the attack vector is purely local file manipulation. The repository is minimal, containing only the exploit code and documentation.
This repository contains a proof-of-concept exploit for CVE-2022-0847, also known as Dirty Pipe, a privilege escalation vulnerability in the Linux kernel (5.8 and later). The exploit is implemented in a single C file (cve_2022_0847.c) and allows a local attacker to overwrite arbitrary file contents in the page cache, even for files that are read-only, immutable, or on read-only mounts. The README.md provides usage instructions, demonstrating how the exploit can be used to add a new root user by modifying /etc/passwd. The exploit requires the offset not to be on a page boundary and the write not to cross a page boundary. The main attack vector is local privilege escalation, and the exploit targets Linux systems vulnerable to Dirty Pipe. No network endpoints are present; the main fingerprintable endpoints are file paths such as /etc/passwd and /root/.ssh/authorized_keys.
This repository contains a local privilege escalation exploit for CVE-2022-0847 (Dirty Pipe) targeting vulnerable Linux kernel versions (5.8 <= version < 5.16.11 / 5.15.25 / 5.10.102). The main exploit is implemented in 'payload.c', which leverages the Dirty Pipe vulnerability to overwrite the root user's password in /etc/passwd, setting it to a known value ('aaron'). The exploit first backs up the original /etc/passwd to /tmp/passwd.bak, performs the overwrite, and then spawns a root shell for the attacker. After exploitation, it restores the original /etc/passwd file. The exploit requires local access to the target system and does not involve any network communication. The repository also includes a README (in Chinese) briefly describing the target kernel versions, and a LICENSE file. The exploit is operational and provides a working payload for privilege escalation.
This repository contains two C source files (dirty.c and dirtypipe2.c) implementing exploits for the Linux kernel vulnerability CVE-2022-0847, known as Dirty Pipe. The exploit leverages a flaw in the Linux kernel's pipe buffer handling to overwrite read-only files in the page cache, specifically targeting SUID binaries. The exploit works by overwriting a SUID binary with a small ELF payload that, when executed, spawns a root shell and drops a SUID shell at /tmp/sh. The original SUID binary is then restored to minimize detection. The dirtypipe2.c variant automates the process by scanning a list of common SUID binaries and attempting the exploit on each until successful. The exploit is operational and provides a root shell if the target is vulnerable. The repository is structured with a README.md (instructions and affected kernel versions), two exploit source files, and an image directory. The main attack vector is local privilege escalation on Linux systems running kernel 5.8 or newer.
This repository is a Proof-of-Concept (PoC) exploit for CVE-2022-0847 (DirtyPipe), specifically targeting container breakout scenarios. The exploit is implemented in C (dirtypipe.c) and uses a custom minimal ELF binary written in assembly (runc_smoll.nasm) as the payload. The Makefile automates building the payload and the malicious libseccomp.so, while the Dockerfile sets up a vulnerable container environment by replacing the system's libseccomp and runc binaries. The exploit works by leveraging DirtyPipe to overwrite /proc/self/exe (the running runc binary) with the attacker's payload, which, when executed, prints a message and spawns a reverse shell to the attacker's host (172.17.0.2-5:1337). The repository is well-structured for demonstration and research purposes, providing all necessary components to reproduce the exploit in a controlled environment.
This repository contains a proof-of-concept (POC) exploit for CVE-2022-0847, also known as 'Dirty Pipe', a vulnerability in the Linux kernel (version 5.8 and later) that allows local attackers to overwrite arbitrary file contents in the page cache, even for files that are read-only, immutable, or on read-only mounts. The repository consists of three files: a LICENSE (GPLv2), a minimal README, and the main exploit code in 'cve-2022-0847.c'. The exploit is written in C and demonstrates how to leverage the vulnerability to inject arbitrary data into files, such as adding an SSH key to '/root/.ssh/authorized_keys' for privilege escalation. The exploit requires local access to the target system and does not require elevated privileges to run. The code is a POC and does not include weaponized features or automation for post-exploitation. No network endpoints are present; the only fingerprintable endpoint is the file path used in the example. The exploit is operational on vulnerable Linux systems and demonstrates a critical local privilege escalation vector.
This repository contains a Python exploit (dirty.py) for the Linux kernel vulnerability CVE-2022-0847, also known as Dirty Pipe. The exploit leverages the vulnerability to overwrite read-only files on disk, enabling privilege escalation to root. The script attempts several methods in order: overwriting /etc/passwd to set a known root password, overwriting /usr/bin/sudo or /usr/bin/su with a custom ELF binary that spawns a root shell, or modifying /etc/group to add the current user to the sudo group. The exploit drops a setuid root shell binary to /tmp/sh as part of its payload. The script is operational and provides a root shell if successful. It requires Python 3.10+ and targets local Linux systems vulnerable to Dirty Pipe. The repository includes a README with usage instructions and a LICENSE file. No network endpoints are involved; all actions are performed locally on the target system. The exploit also creates several backup and working files in /tmp for restoration and cleanup.
This repository contains a proof-of-concept exploit for the Dirty Pipe vulnerability (CVE-2022-0847) affecting Linux kernels 5.8 and later (before patching). The exploit is implemented in Go (main.go) and allows a local attacker to overwrite arbitrary data into read-only files, such as /etc/passwd, by exploiting a flaw in the Linux pipe buffer handling. The exploit takes three arguments: the target file path, the offset to write at, and the data to write. It performs checks to ensure the write does not cross page boundaries and does not enlarge the file. The README demonstrates how the exploit can be used to modify /etc/passwd, potentially enabling privilege escalation. The repository is structured simply, with the main exploit logic in main.go and supporting Go module files. No network or remote attack vectors are present; this is a local privilege escalation exploit.
This repository provides a proof-of-concept (POC) exploit and a checker for the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux kernel. The vulnerability allows a local attacker to overwrite arbitrary file contents in the page cache, even for files that are read-only, immutable, or on read-only mounts. The exploit (exp&checker/exp.c) takes a target file, offset, and data as arguments, and uses a combination of pipe manipulation and the splice syscall to overwrite the file at the specified offset. This can be used to escalate privileges by overwriting sensitive files such as /etc/passwd or SSH authorized_keys. The checker (exp&checker/check.c) creates a test file and attempts to exploit the vulnerability to determine if the system is affected. The repository also includes a detailed README.md with an in-depth analysis of the vulnerability, exploitation method, and mitigation advice. The exploit is operational as a POC and demonstrates the core vulnerability, but does not include weaponized features such as automated privilege escalation payloads.
This repository contains two operational local privilege escalation exploits for the Linux Dirty Pipe vulnerability (CVE-2022-0847). The first exploit (exploit-1.c) overwrites the /etc/passwd file to set the root password to a known value ('piped'), spawns a root shell, and restores the original passwd file after use. The second exploit (exploit-2.c) hijacks a SUID binary (such as /usr/bin/sudo) by overwriting its contents with a small ELF payload that drops a SUID root shell at /tmp/sh, then restores the original binary and executes the root shell. Both exploits require local access and a vulnerable Linux kernel. The repository includes a bash script (compile.sh) to compile both exploits and a README.md with detailed usage instructions and background on the vulnerability. The main targets are system files (/etc/passwd) and SUID binaries, with the goal of obtaining a root shell on the affected system.
This repository consists of a single README.md file containing a one-line Bash command to exploit CVE-2022-0847 (Dirty Pipe) on Linux systems. The command downloads a precompiled exploit binary from a remote GitHub URL, saves it to /tmp/exploit-dirty-pipe, makes it executable, and runs it. The exploit targets vulnerable Linux kernels (5.8 and later, before patching) and is intended for local privilege escalation or arbitrary file overwrite. No source code is included; the repository simply provides a convenient one-liner to fetch and execute the exploit binary. The main fingerprintable endpoints are the remote GitHub URL hosting the binary and the local file path used for execution.
This repository contains a working exploit for CVE-2022-0847, also known as the Dirty Pipe vulnerability in Linux kernels 5.8 and later. The exploit is implemented in a single C file ('exploit.c'), which demonstrates how to leverage the vulnerability to overwrite arbitrary file contents in the page cache, even for files that are read-only or immutable. The exploit specifically targets '/etc/passwd', backing it up to '/tmp/passwd.bak', and then overwrites the root user's password entry to set the password to 'cspshivam'. After successful exploitation, it spawns a root shell, granting the attacker full root access. The README provides compilation and usage instructions, as well as guidance on restoring the original '/etc/passwd' file. The attack vector is local, requiring the attacker to execute the exploit on the vulnerable system. The repository is structured simply, with a license, a README, and the exploit code.
This repository demonstrates a working exploit for the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux kernel. The exploit is implemented in C (exploit.c) and is designed to be run inside a Docker container with a vulnerable kernel, as set up by the provided Dockerfiles (alpine, debian, ubuntu variants). The exploit works by abusing a flaw in the Linux pipe implementation to overwrite arbitrary data in read-only files, specifically targeting /etc/passwd to set the root password to 'aaron'. After exploitation, it spawns a root shell and then restores the original /etc/passwd from a backup. The repository is structured for educational use, with a detailed README explaining the vulnerability, exploitation steps, and security implications. The main attack vector is local privilege escalation, requiring local access to the vulnerable system. The only fingerprintable endpoints are the file paths /etc/passwd and /tmp/passwd.bak, which are manipulated during exploitation.
This repository provides a working proof-of-concept exploit for CVE-2022-0847, also known as 'Dirty Pipe', a local privilege escalation vulnerability in the Linux kernel (versions 5.8 and later, prior to specific patches). The main exploit file, CVE-2022-0847.c, demonstrates how an unprivileged local user can exploit a flaw in the Linux pipe implementation to overwrite arbitrary data in read-only files, specifically targeting /etc/passwd. The exploit first backs up /etc/passwd to /tmp/passwd.bak, then overwrites the root user's password entry to a known value, and finally spawns a root shell. The repository also includes a shell script (compile.sh) to compile the exploit, a README.org with detailed vulnerability information and references, and a GPL license file. The exploit is operational and provides a real privilege escalation path on vulnerable systems.
This repository contains a proof-of-concept (PoC) exploit for the Dirty Pipe vulnerability (CVE-2022-0847) in the Linux kernel. The main exploit logic is implemented in 'write_anything.c', which demonstrates how an unprivileged local user can overwrite the contents of any file they can read, even if the file is not writable, is immutable, or resides on a read-only mount. The exploit leverages a flaw in the pipe buffer flags handling in affected Linux kernel versions. The 'exploit.sh' script automates the process by compiling the C exploit, creating a read-only file, displaying its contents, running the exploit to overwrite the file, and then showing the modified contents. The repository also includes a template file and a Makefile for building the exploit. The exploit is not weaponized but provides a clear demonstration of the vulnerability's impact, including the potential to inject SSH keys or modify protected files for privilege escalation. No network endpoints are involved; the attack vector is purely local file system manipulation.
This repository contains a Python exploit for the Dirty Pipe vulnerability (CVE-2022-0847) affecting Linux kernels 5.8 and above (prior to patching). The main file, dirtyPipe.py, provides two primary capabilities: (1) automatic privilege escalation to root by injecting a new root user into /etc/passwd and spawning a root shell, and (2) arbitrary file write to files that are normally read-only, immutable, or on read-only mounts. The exploit leverages the Dirty Pipe bug to bypass standard file permission checks. The script requires Python 3.10 or above and must be run on a vulnerable Linux system. The repository is structured simply, with a README, LICENSE, and the exploit script. The main attack vector is local privilege escalation, and the most fingerprintable endpoints are the /etc/passwd file (for privilege escalation) and /bin/su (for shell access).
This repository contains a proof-of-concept exploit for CVE-2022-0847, also known as 'Dirty Pipe', a local privilege escalation vulnerability in the Linux kernel (5.8 and later, prior to specific patched versions). The main exploit file, 'CVE-2022-0847.c', demonstrates how an unprivileged local user can overwrite arbitrary data in read-only files, specifically targeting '/etc/passwd' to set the root password to a known value. The exploit first backs up '/etc/passwd' to '/tmp/passwd.bak', then overwrites the root password entry, and finally spawns a root shell for the attacker. The repository also includes a shell script ('compile.sh') for compiling the exploit, a README with detailed vulnerability information and references, and a license file. The exploit is operational and provides a working local privilege escalation payload, but is not part of a larger exploitation framework.
This repository contains a proof-of-concept (PoC) exploit for CVE-2022-0847, also known as Dirty Pipe, targeting the Linux kernel. The exploit demonstrates how an attacker with CAP_DAC_READ_SEARCH capability inside a container can read and overwrite arbitrary read-only files on the host system, effectively achieving container escape. The main exploit logic is implemented in 'dp.c', which uses advanced Linux file system operations (open_by_handle_at, splice, and pipe manipulation) to bypass file permissions and overwrite files. The README provides detailed usage instructions and example scenarios, including overwriting '/etc/passwd' and '/home/vagrant/flag.txt' on the host. The exploit requires the target kernel to be vulnerable and the container to be started with the necessary capabilities. No network endpoints are involved; the attack vector is local, leveraging file system access and Linux kernel vulnerabilities.
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
Recent activity
42 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A prior Linux page-cache-related vulnerability referenced for comparison; exploitation required specific buffer conditions.
A Linux kernel vulnerability caused by uninitialized pipe buffer flags, allowing writes into the page cache of read-only files.
A Linux kernel vulnerability known as Dirty Pipe listed in CISA's Known Exploited Vulnerabilities catalog.
A prior Linux kernel page-cache corruption local privilege escalation vulnerability referenced as part of the same family of zero-copy-related flaws.