Hacking a Website and Gaining Root Access using Dirty COW Exploit

This is a demo on hacking a vulnerable website and gaining root privilege access using Dirty COW (CVE-2016-5195) exploit.

Dirty COW (CVE-2016-5195) is a kernel local privilege escalation vulnerability in the Linux kernel.

As described on Red Hat Customer Portal:

CVE-2016-5195

A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system.

This could be abused by an attacker to modify existing setuid files with instructions to elevate privileges. An exploit using this technique has been found in the wild.</

In the demo, the DirtyCOW exploit PoC will be used to escalate privileges of a local user (in this case www-data) thus gaining root or administrator privileges in the vulnerable web server.

dirtycow exploit

A Dirty COW vulnerable web server was setup in order to show the exploit in action. To better understand how serious the security problem can potentially be, a vulnerable website was also built - designed to be exploited to gain unprivileged local user access.

Hacking a Vulnerable Website and Escalating Privilege using Dirty COW (CVE-2016-5195) Exploit Demo Video

Dirty COW (CVE-2016-5195) Exploit Demo Video

As you can see from the video, the www-data local user has been quickly escalated with root privileges.

You can determine if your system is vulnerable by using this bash script from Red Hat.

List of affected Linux distributions includes: (Note that you can verify or test if your system is vulnerable by using the script above.)

CentOS Linux 7.x
CentOS Linux 6.x
CentOS Linux 5.x
Debian Linux wheezy
Debian Linux jessie
Debian Linux stretch
Debian Linux sid
Ubuntu Linux precise (LTS 12.04)
Ubuntu Linux trusty
Ubuntu Linux xenial (LTS 16.04)
Ubuntu Linux yakkety
Ubuntu Linux vivid/ubuntu-core
Red Hat Enterprise Linux 7.x
Red Hat Enterprise Linux 6.x
Red Hat Enterprise Linux 5.x
SUSE Linux Enterprise 11
SUSE Linux Enterprise 12

How to Fix Dirty COW (CVE-2016-5195) on Linux

**For Debian or Ubuntu Linux:**
$ sudo apt-get update &amp;&amp; sudo apt-get upgrade &amp;&amp; sudo apt-get dist-upgrade

**For RHEL / CentOS Linux 5.x/6.x/7.x:**
$ sudo yum update

**For RHEL / CentOS Linux 4.x:**
$ sudo up2date -u

**For Suse Enterprise Linux or Opensuse Linux:**
# zypper patch

Reboot your system afterwards, then verify by running the Dirty COW (CVE-2016-5195) vulnerability checker script again.

Ameer is an OSCE, OSWE, OSCP, GXPN certified cyber security enthusiast from Philippines. Ameer also plays CTFs as part of his hobby with his team and friends at hackstreetboys during his free time (in case there is). You can also find Ameer at YouTube; as well as on LinkedIn and Twitter.

CVE-2016-5195

Hacking a Vulnerable Website and Escalating Privilege using Dirty COW (CVE-2016-5195) Exploit Demo Video

How to Fix Dirty COW (CVE-2016-5195) on Linux

Author: Ameer Pornillos