🧻Dirty Pipe: CVE-2022-0847

Interactive lab for exploiting Dirty Pipe (CVE-2022-0847) in the Linux Kernel

Room Attributes

Value

Subscription Required

False [Free]

Type

Walkthrough

Difficulty

Info

Task 1 - Info Introduction and Deploy

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

No answer needed

Task 2 - Tutorial Vulnerability Background

Read the information in the task and understand how Dirty Pipe works.

No answer needed

Task 3 - Practical A Weaponised PoC

Follow along with the steps described in the task if you haven't already done so.

No answer needed

Switch user (`su`) into your newly created root account. What is the flag found in the `/root/flag.txt` file?

Reveal Flag 🚩

🚩THM{MmU4Zjg0NDdjNjFiZWM5ZjUyZGEyMzlm}

As mentioned previously, we have accidentally overwritten other user accounts by exploiting Dirty Pipe in this manner. This could cause issues for the server; thus, as professionals, we must clean up after our exploits. Using your root shell, restore the original `/etc/passwd` file from your backup.

No answer needed

Task 4 - Practical Bonus Task A Second Exploit

Exploit the target using bl4sty's exploit for Dirty Pipe

No answer needed

Make sure to clean up after yourself! Remove the SUID binary created by the script (`/tmp/sh`).

No answer needed

[Optional] Find another exploit for this vulnerability online. Review the code to ensure that it does what it claims to do, then upload it to the target and attempt to exploit the vulnerability a third way.

No answer needed

Task 5 - Info Conclusion

I understand the Dirty Pipe vulnerability!

No answer needed

PreviousApache HTTP Server Path Traversal: CVE-2021-41773/42013 NextSpring4Shell: CVE-2022-22965

Last updated 2 years ago

Task 1 - Info Introduction and Deploy

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

Task 2 - Tutorial Vulnerability Background

Read the information in the task and understand how Dirty Pipe works.

Task 3 - Practical A Weaponised PoC

Follow along with the steps described in the task if you haven't already done so.

Switch user (su) into your newly created root account. What is the flag found in the /root/flag.txt file?

As mentioned previously, we have accidentally overwritten other user accounts by exploiting Dirty Pipe in this manner. This could cause issues for the server; thus, as professionals, we must clean up after our exploits. Using your root shell, restore the original /etc/passwd file from your backup.

Task 4 - Practical Bonus Task A Second Exploit

Exploit the target using bl4sty's exploit for Dirty Pipe

Make sure to clean up after yourself! Remove the SUID binary created by the script (/tmp/sh).

[Optional] Find another exploit for this vulnerability online. Review the code to ensure that it does what it claims to do, then upload it to the target and attempt to exploit the vulnerability a third way.

Task 5 - Info Conclusion

I understand the Dirty Pipe vulnerability!

Task 1 - Info Introduction and Deploy

Deploy the machine by clicking on the green "Deploy" button at the top of this task!

Task 2 - Tutorial Vulnerability Background

Read the information in the task and understand how Dirty Pipe works.

Task 3 - Practical A Weaponised PoC

Follow along with the steps described in the task if you haven't already done so.

Switch user (su) into your newly created root account. What is the flag found in the /root/flag.txt file?

As mentioned previously, we have accidentally overwritten other user accounts by exploiting Dirty Pipe in this manner. This could cause issues for the server; thus, as professionals, we must clean up after our exploits. Using your root shell, restore the original /etc/passwd file from your backup.

Task 4 - Practical Bonus Task A Second Exploit

Exploit the target using bl4sty's exploit for Dirty Pipe

Make sure to clean up after yourself! Remove the SUID binary created by the script (/tmp/sh).

[Optional] Find another exploit for this vulnerability online. Review the code to ensure that it does what it claims to do, then upload it to the target and attempt to exploit the vulnerability a third way.

Task 5 - Info Conclusion

I understand the Dirty Pipe vulnerability!

Switch user (`su`) into your newly created root account. What is the flag found in the `/root/flag.txt` file?

Make sure to clean up after yourself! Remove the SUID binary created by the script (`/tmp/sh`).

Switch user (`su`) into your newly created root account. What is the flag found in the `/root/flag.txt` file?

Make sure to clean up after yourself! Remove the SUID binary created by the script (`/tmp/sh`).