my personal exploit of CVE-2022-0847(dirty pipe)
my personal poc and exploit of CVE-2022-0847(dirty pipe)
Just a simply POC of this CVE, compile the file poc.c as follow:
$ gcc poc.c -o poc -static
You shall run it as follow:
./poc target_file offset_in_file data
You shall make sure the destination file is at least readable.
Result tested on Linux kernel 5.13.19:
I choose to gain a ROT privilege by overwriting SUID application to provide a ROOT SHELL
Just compile the file exploit_suid.c
and run it as follow:
$ gcc exploit_suid.c -o exp -static
$ ./exp target_file
For test I chose the /bin/passwd
as the target SUID file, result tested on Ubuntu 21.10 (kernel 5.13.0) is as follow:
You can visit my blog for more information about this CVE