nowsecure / dirtycow


radare2 IO plugin for Linux and Android. Modifies files owned by other users via dirtycow Copy-On-Write cache vulnerability

Home Page: https://www.nowsecure.com/blog/2016/10/21/dirty-cow-vulnerability-mobile-impact/

License: GNU Lesser General Public License v3.0

Shell 8.62% C 88.64% Makefile 2.25% C++ 0.49%
exploit dirtycow security cve android

dirtycow's Introduction

dirtycow

radare2 IO plugin that uses the Linux dirtycow vulnerability to let the user modify files owned by other users by messing up the Copy-On-Write cache.

This plugin works on all Linux kernels from 2007 (>= 2.6.22) until 2016 (< 4.8.3).
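A defender's triage of the version range stated above, as an added example that is not part of this project's code: the hypothetical functions `kernel_in_stated_range` and `triage_kernel` compare a kernel release string against >= 2.6.22 and < 4.8.3, and the sample strings are constructed. Vendors backported the fix into older kernel branches, so a hit means "check the vendor advisory", not "confirmed vulnerable".

```shell
#!/bin/sh
# Added example (not project code). Function names are hypothetical.

# Return 0 if RELEASE is inside the range the README states
# (>= 2.6.22 and < 4.8.3), 1 if outside, 2 if it cannot be parsed.
kernel_in_stated_range() {
    printf '%s\n' "$1" | awk '
    {
        sub(/[^0-9.].*$/, "")      # drop local suffix: -21-generic, -rc1, +
        n = split($0, v, ".")
        if (n < 2 || v[1] !~ /^[0-9]+$/ || v[2] !~ /^[0-9]+$/) exit 2
        if (n < 3 || v[3] !~ /^[0-9]+$/) v[3] = 0   # "4.8" means 4.8.0
        key = v[1] * 1000000 + v[2] * 1000 + v[3]
        if (key >= 2006022 && key < 4008003) exit 0
        exit 1
    }'
}

# Print a one-line verdict for RELEASE (default: the running kernel).
triage_kernel() {
    r=${1:-$(uname -r)}
    kernel_in_stated_range "$r" && rc=0 || rc=$?
    case $rc in
        0) echo "$r: in stated range, check vendor advisory for a backported fix" ;;
        1) echo "$r: outside stated range" ;;
        *) echo "$r: unparseable release string" ;;
    esac
}

# Constructed sample release strings, plus the running kernel.
for sample in 2.6.21 2.6.22 3.10.0-327.el7.x86_64 4.4.0-21-generic 4.8.3 "$(uname -r)"; do
    triage_kernel "$sample"
done
```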

Details

For more details about this exploit, check out https://dirtycow.ninja

Author

Written by Sergi Alvarez at NowSecure

License

This plugin and the cowpy tool are distributed under the terms of the LGPL, Copyright NowSecure 2016.

Installation

The easiest way to install this r2 plugin is by using r2pm like this:

$ r2pm -i dirtycow

The repository also contains a program named cowpy that copies the contents of one file into another. Bear in mind that dirtycow can't resize files, so you cannot write more bytes than the destination file already holds, and your contents should be self-contained and, if it's a script, properly terminated by an exit 0.

Crosscompilation

To crosscompile, first set up the Android environment with radare2's sys/android-shell.sh script. Typing make is then enough to get cowpy compiled.

Crosscompiling the r2 plugin requires a crosscompiled r2 to be available on the system, so it is simpler to just build this repository inside Termux.

Eventually it may be committed into the termux packages.

Usage

To compile it, just run build.sh from inside a Termux shell on your Android device. You can also crosscompile it using the NDK, or build it natively on your favourite Linux distro using make.

After that, r2 may list the new plugin:

$ r2 -L | grep cow

And we can use it like this to patch any system binary:

$ r2 dcow:///system/bin/sh

--pancake

dirtycow's People

Contributors

dweinstein, hemanthjabalpuri, jrozner, trufae

dirtycow's Issues

More recent release ?

Greetings,
Although I worked hard (about 3 days) just to get it to work, I couldn't. Can you compile & upload the recent version in x86, ArmV7A?

lack of error checking

The original PoC code doesn't perform any error checking at all. We should probably do that.

open source

  • license - lgpl
  • move over to nowsecure org
  • public

./build.sh failed

I got the following error:

    compilation terminated.
    cp: cannot stat 'io_dirtycow.so': No such file or directory
    In file included from exploit.c:41:0,
                     from cowpy.c:6:
    ptrace.c: In function ‘debuggee’:
    ptrace.c:24:3: warning: implicit declaration of function ‘err’ [-Wimplicit-function-declaration]
       err (1, "ptrace(PTRACE_TRACEME)");
       ^
    ptrace.c: In function ‘ptrace_memcpy’:
    ptrace.c:39:4: warning: implicit declaration of function ‘warn’ [-Wimplicit-function-declaration]
        warn("ptrace(PTRACE_POKETEXT)");
        ^
    ptrace.c: In function ‘ptraceThread’:
    ptrace.c:82:8: warning: implicit declaration of function ‘clone’ [-Wimplicit-function-declaration]
      pid = clone (debuggee, child_stack + sizeof (child_stack) - 8, flags, arg);
            ^
    /tmp/cc7Rurmf.o: In function `dirtycow':
    cowpy.c:(.text+0x614): undefined reference to `pthread_create'
    cowpy.c:(.text+0x631): undefined reference to `pthread_create'
    cowpy.c:(.text+0x657): undefined reference to `pthread_create'
    cowpy.c:(.text+0x674): undefined reference to `pthread_create'
    cowpy.c:(.text+0x685): undefined reference to `pthread_join'
    cowpy.c:(.text+0x69d): undefined reference to `pthread_join'
    collect2: error: ld returned 1 exit status

installation guide incomplete

  1. Please add more details about the usage of cowpy.

  2. Please notify users to run

    apt install radare2 radare2-dev -y
    apt install make make-dev clang pkg-config -y

    first to install the dependencies in order to compile the files correctly.

Cowpy issue

Sir, I successfully changed the prop value in /system/build.prop with cowpy.
But after reboot it resets to the original value...
