OP 18 February, 2022 - 04:46 PM
Dirty COW:
This exploit is the result of a race condition within the kernel.
What is a race condition?
- A race condition is when threads A and B execute at the same time. Mostly it will result in a bug or an unknown result; it depends on the kernel.
Here is the code of the Dirty COW exploit:
-https://github.com/caldonovan/Dirty-COW-Exploit/blob/master/dirtyc0w.c
Let's check it out.
In the main function it tells you that it accepts 2 parameters: the file, and the string to write to it.
Then it uses mmap. What is the mmap function?
mmap creates a private virtual pointer for the file that it takes, and since it is private we can read/write anything into it.
The kernel needs to find physical memory to store our virtual memory.
Next we write anything to our private virtual memory. However, we are not going to write to the pointer mmap gave us; we are going to write to /proc/self/mem.
At this point, the kernel has to figure out where in physical memory it'll actually be writing.
This is where COW (copy on write) comes in.
And the kernel is tricked into thinking our write was for the original.
All credit goes to https://www.cs.toronto.edu/~arnold/427/1.../demo.html
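Added example, not from the post or the linked exploit: a small C program showing the copy-on-write guarantee that the bug breaks. It maps a constructed temp file MAP_PRIVATE, writes into it both through the mmap pointer and through /proc/self/mem (the route the post describes, without the race), and checks that the file on disk stays unchanged, which is what a correct kernel must do. The temp file path, its contents and the function name are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample file contents (assumption, not from the post). */
static const char ORIGINAL[] = "original file contents";

/* Returns 1 when both private writes land in the COW copy and the file on
 * disk is untouched, 0 when the file changed or the mapping did not take
 * the write, -1 on setup failure. On a correct kernel this returns 1. */
int private_writes_leave_file_intact(void) {
    char path[] = "/tmp/cow_demo_XXXXXX";           /* temp file template */
    size_t len = sizeof ORIGINAL - 1;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (write(fd, ORIGINAL, len) != (ssize_t)len) { close(fd); unlink(path); return -1; }
    /* MAP_PRIVATE: the kernel must hand us our own copy on first write (COW). */
    char *map = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    if (map == MAP_FAILED) { close(fd); unlink(path); return -1; }
    /* Write 1: straight through the mapping pointer. */
    memcpy(map, "MAPPING", 7);
    /* Write 2: through /proc/self/mem at the mapping's own address. Without
     * the race this is still a COW write into the private copy. */
    const char *expect = "MAPPING";
    int mem = open("/proc/self/mem", O_RDWR);
    if (mem >= 0) {
        if (pwrite(mem, "PROCMEM", 7, (off_t)(uintptr_t)map) == 7) expect = "PROCMEM";
        close(mem);
    }
    /* The private copy shows our last write; the file itself must not. */
    char buf[sizeof ORIGINAL];
    ssize_t n = pread(fd, buf, len, 0);
    int mapping_ok = memcmp(map, expect, 7) == 0;
    int file_intact = n == (ssize_t)len && memcmp(buf, ORIGINAL, len) == 0;
    munmap(map, len);
    close(fd);
    unlink(path);
    return (mapping_ok && file_intact) ? 1 : 0;
}

int main(void) {
    printf("file intact after private writes: %d\n", private_writes_leave_file_intact());
    return 0;
}
```

If /proc/self/mem cannot be opened in your environment, the check falls back to the direct mapping write only; a result of 0 means the file on disk was modified by a private write.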