Dana Epp

More pwnage... privesc to root in pwncat using dirtypipe

I released another custom module for pwncat that automatically exploits CVE-2022-0847 to privesc to root. You can grab it at https://github.com/DanaEpp/pwncat_dirtypipe.

It supports cross-compiling and automatic upload to remote targets using Caleb Stewart's awesome pwncat framework. In other words, it doesn't matter if the remote target has gcc or any of the bits. The module will take care of it for you. So SSH into a target or catch a rev shell, type "run dirtypipe" and appreciate the glory of a root shell.

If you want to see a demo of it in action, check this out.

Enjoy r00t (again).