According to Linus Torvalds:
This is an ancient bug that was actually attempted to be fixed once (badly) by me eleven years ago in commit 4ceb5db9757a ("Fix get_user_pages() race for write access") but that was then undone due to problems on s390 by commit f33ea7f404e5 ("fix get_user_pages bug").
What is Copy-on-write (COW)?
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." (RH)
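To make the "private read-only memory mappings" in that description concrete, here is an added example (my own code, not from this post or from the kernel) that exercises the guarantee the kernel normally gives: a file opened read-only can be mapped MAP_PRIVATE with PROT_WRITE, but writes land in a private copy (the COW break) and never reach the file, while a MAP_SHARED writable mapping of the same read-only descriptor is refused outright. The temp file name and its content are constructed for the demo; Dirty COW was a race in which a write through such a private mapping reached the underlying file.

```c
/* Added example, not code from the original post or the kernel. Shows the
 * copy-on-write guarantee for MAP_PRIVATE file mappings on a normal kernel:
 * writing through the private mapping changes what the mapping shows but
 * leaves the file untouched, and MAP_SHARED|PROT_WRITE on a read-only fd
 * is refused with EACCES. File name and content are constructed. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define CONTENT "original file content\n"
#define CONTENT_LEN (sizeof(CONTENT) - 1)

/* Create a temp file holding CONTENT and return a read-only fd to it.
 * The path is unlinked immediately so nothing is left behind. -1 on error. */
static int make_readonly_fd(void)
{
    char path[] = "/tmp/cow-demo-XXXXXX";     /* constructed temp file */
    int wfd = mkstemp(path);
    if (wfd < 0) return -1;
    ssize_t n = write(wfd, CONTENT, CONTENT_LEN);
    int rfd = open(path, O_RDONLY);
    unlink(path);
    close(wfd);
    if (n != (ssize_t)CONTENT_LEN || rfd < 0) {
        if (rfd >= 0) close(rfd);
        return -1;
    }
    return rfd;
}

/* Returns 1 if a write through a MAP_PRIVATE mapping changes the mapping
 * but leaves the file unchanged (correct COW behaviour), 0 if the file
 * changed, -1 on error. */
int private_write_is_isolated(void)
{
    int fd = make_readonly_fd();
    if (fd < 0) return -1;
    /* PROT_WRITE is permitted here even though fd is read-only, because the
     * mapping is private: the first write makes the kernel copy the page. */
    char *map = mmap(NULL, CONTENT_LEN, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); return -1; }

    memcpy(map, "modified", 8);                 /* triggers the COW break */

    char buf[64] = {0};                         /* re-read the file, not the mapping */
    ssize_t n = pread(fd, buf, sizeof buf - 1, 0);
    int mapping_changed = memcmp(map, "modified", 8) == 0;
    int file_unchanged = n == (ssize_t)CONTENT_LEN &&
                         memcmp(buf, CONTENT, CONTENT_LEN) == 0;

    munmap(map, CONTENT_LEN);
    close(fd);
    return mapping_changed && file_unchanged;
}

/* Returns 1 if MAP_SHARED|PROT_WRITE on a read-only fd is refused with
 * EACCES (the ordinary permission check), 0 if it succeeds, -1 on error. */
int shared_write_on_readonly_fd_refused(void)
{
    int fd = make_readonly_fd();
    if (fd < 0) return -1;
    char *map = mmap(NULL, CONTENT_LEN, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    int refused = (map == MAP_FAILED && errno == EACCES);
    if (map != MAP_FAILED) munmap(map, CONTENT_LEN);
    close(fd);
    return refused;
}

int main(void)
{
    printf("private mapping write isolated from file: %d\n",
           private_write_is_isolated());
    printf("shared writable mapping of read-only fd refused: %d\n",
           shared_write_on_readonly_fd_refused());
    return 0;
}
```

Both functions return 1 on a patched kernel. The second check is the ordinary permission path; the first is the copy-on-write path whose race the exploit below abused, which is why the fix lives in the page-lookup code rather than in the file permission check.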
How to use this Exploit?
Please watch the video above for a live demo.
Exploit 1: Write content to a read-only file owned by root
Download the exploit code using wget:
First Exploit Code: Click Here
Compile This Code Using:
gcc -pthread dirtyc0w.c -o ud64_exploit
Now Run This Exploit:
./ud64_exploit root_file new_text_string
Exploit 2: Get root by local privilege escalation
Download the exploit code using wget:
Second Exploit Code: Click Here
Modify the exploit to use the correct payload for your test server (x86 or x64) by (un)commenting the relevant code.
Compile This Code Using:
gcc -pthread cowroot.c -o ud64_exploit
Now Run This Exploit:
./ud64_exploit
check using:
whoami or id
Fix: Source
+/*
+ * FOLL_FORCE can write to even unwritable pte's, but only
+ * after we've gone through a COW cycle and they are dirty.
+ */
+static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
+{
+ return pte_write(pte) ||
+ ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
+}
+
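Review bot: FOLL_COW is tested in the helper but is neither defined nor set anywhere in this excerpt, so the quoted lines show only half of the fix. The predicate reads pte_write(pte) || ((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte)), meaning a forced write through a non-writable pte is accepted only when the caller has recorded that a COW cycle already happened for this lookup and the pte is dirty; a dirty bit on its own no longer suffices. Suggest also quoting the FOLL_COW definition and the fault-path site that sets it, so a reader can see where the flag comes from and that it is per-lookup state rather than a property of the pte.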
Thanks for reading, please comment if you need any other exploit live demo. :)
./unknowndevice64
No Comment to " Copy-on-write (COW) Exploit (CVE-2016-5195) Live Demo "