# DirtyCred Demos In this page, we show the demo of escalating privilege in Linux kernel and escaping containter with DirtyCred attack. **This document is setup completely anonymously. We couldn't get any information from anyone who read this page. The artifact of DirtyCred is available [here](https://anonymous.4open.science/r/DirtyCred_Artifact-F128/)** ## Escalating Privilege in Linux Kernel We release the exploit code demo of DirtyCred at [here](https://www.dropbox.com/s/jgkto7t35vpuqi9/dirtycred.c?dl=0). The exploit code could overwrite the `/etc/passwd` file with arbtrary content. It is noted that the same exploit code could exploit different kernels from Ubuntu 20.04 (v5.4) and Centos 8 (v4.18). To help assess DirtyCred, we provide two VMs that reviewers could connect to and run the DirtyCred exploit (socat is recommanded!). Each connection has 10 minitues timeout (i.e. the VM will be shutdown after being connected for 10 minitues). Each connection will get a fresh VM, everything stored before will be reset. When accessing the VM, the reviewers could login the system with `low` user whose password is `low`. The reviewers could compile the exploit code (named `exp.c`) then launch the attack. For more details, the reviewers could refer to the video demo below. ### How to connect to VMs **Please login with user `low` and password `low`** **Ubuntu 20** ``` nc 150.136.171.117 1337 ``` or ``` socat FILE:`tty`,raw,echo=0 TCP:150.136.171.117:1337 ``` **Centos 8** ``` nc 150.136.171.117 1338 ``` or ``` socat FILE:`tty`,raw,echo=0 TCP:150.136.171.117:1338 ``` #### Demo for Ubuntu 20 {%youtube PUa5iSW-ZEc %} #### Demo for Centos 8 {%youtube ge9jCRDSIpQ %} ## Container Escaping {%youtube SHp7O166jRc %}