or
or
By clicking below, you agree to our terms of service.
Sign in with Wallet
New to HackMD? Sign up
| Syntax | Example | Reference | |
|---|---|---|---|
| # Header | Header | 基本排版 | |
| - Unordered List |
|
||
| 1. Ordered List |
|
||
| - [ ] Todo List |
|
||
| > Blockquote | Blockquote |
||
| **Bold font** | Bold font | ||
| *Italics font* | Italics font | ||
| ~~Strikethrough~~ | |||
| 19^th^ | 19th | ||
| H~2~O | H2O | ||
| ++Inserted text++ | Inserted text | ||
| ==Marked text== | Marked text | ||
| [link text](https:// "title") | Link | ||
|  | Image | ||
| `Code` | Code |
在筆記中貼入程式碼 | |
| ```javascript var i = 0; ``` |
|
||
| :smile: |  |
Emoji list | |
| {%youtube youtube_id %} | Externals | ||
| $L^aT_eX$ | LaTeX | ||
| :::info This is a alert area. ::: |
This is a alert area. |
On a scale of 0-10, how likely is it that you would recommend HackMD to your friends, family or business associates?
Please give us some advice and help us improve HackMD.
Do you want to remove this version name and description?
Syncing
xxxxxxxxxx-
Any changes
Be notified of any changes
-
Mention me
Be notified of mention me
-
Unsubscribe
SubscribeDirtyCred Demos
In this page, we show the demo of escalating privilege in Linux kernel and escaping containter with DirtyCred attack.
This document is setup completely anonymously. We couldn't get any information from anyone who read this page. The artifact of DirtyCred is available here
Escalating Privilege in Linux Kernel
We release the exploit code demo of DirtyCred at here. The exploit code could overwrite the
/etc/passwdfile with arbtrary content. It is noted that the same exploit code could exploit different kernels from Ubuntu 20.04 (v5.4) and Centos 8 (v4.18).To help assess DirtyCred, we provide two VMs that reviewers could connect to and run the DirtyCred exploit (socat is recommanded!). Each connection has 10 minitues timeout (i.e. the VM will be shutdown after being connected for 10 minitues). Each connection will get a fresh VM, everything stored before will be reset. When accessing the VM, the reviewers could login the system with
lowuser whose password islow. The reviewers could compile the exploit code (namedexp.c) then launch the attack. For more details, the reviewers could refer to the video demo below.How to connect to VMs
Please login with user
lowand passwordlowUbuntu 20
or
Centos 8
or
Demo for Ubuntu 20
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →Demo for Centos 8
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →Container Escaping
- The image file may be corrupted
- The server hosting the image is unavailable
- The image path is incorrect
- The image format is not supported
Learn More →