changed 3 years ago
Linked with GitHub

DirtyCred Demos

In this page, we show the demo of escalating privilege in Linux kernel and escaping containter with DirtyCred attack.

This document is setup completely anonymously. We couldn't get any information from anyone who read this page. The artifact of DirtyCred is available here

Escalating Privilege in Linux Kernel

We release the exploit code demo of DirtyCred at here. The exploit code could overwrite the /etc/passwd file with arbtrary content. It is noted that the same exploit code could exploit different kernels from Ubuntu 20.04 (v5.4) and Centos 8 (v4.18).

To help assess DirtyCred, we provide two VMs that reviewers could connect to and run the DirtyCred exploit (socat is recommanded!). Each connection has 10 minitues timeout (i.e. the VM will be shutdown after being connected for 10 minitues). Each connection will get a fresh VM, everything stored before will be reset. When accessing the VM, the reviewers could login the system with low user whose password is low. The reviewers could compile the exploit code (named exp.c) then launch the attack. For more details, the reviewers could refer to the video demo below.

How to connect to VMs

Please login with user low and password low
Ubuntu 20

nc 150.136.171.117 1337

or

socat FILE:`tty`,raw,echo=0 TCP:150.136.171.117:1337

Centos 8

nc 150.136.171.117 1338

or

socat FILE:`tty`,raw,echo=0 TCP:150.136.171.117:1338

Demo for Ubuntu 20

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Demo for Centos 8

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Container Escaping

Image Not Showing Possible Reasons
  • The image file may be corrupted
  • The server hosting the image is unavailable
  • The image path is incorrect
  • The image format is not supported
Learn More →

Select a repo