{"id":29405605,"url":"https://github.com/morgenm/dirtypipe","last_synced_at":"2026-05-19T09:07:23.029Z","repository":{"id":302516749,"uuid":"1012081918","full_name":"morgenm/dirtypipe","owner":"morgenm","description":"DirtyPipe (CVE-2022-0847) exploit written in Rust","archived":false,"fork":false,"pushed_at":"2025-07-05T17:15:54.000Z","size":28,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2025-07-11T02:38:42.122Z","etag":null,"topics":["exploit","linux","linux-kernel","offensive-security","privilege-escalation","rust"],"latest_commit_sha":null,"homepage":"https://morgenm.github.io/blog/2025/dirtypipe/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/morgenm.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-01T19:30:32.000Z","updated_at":"2025-07-05T17:15:57.000Z","dependencies_parsed_at":"2025-07-02T20:47:48.862Z","dependency_job_id":null,"html_url":"https://github.com/morgenm/dirtypipe","commit_stats":null,"previous_names":["morgenm/dirtypipe"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/morgenm/dirtypipe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morgenm%2Fdirtypipe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morgenm%2Fdirtypipe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morgenm%2Fdirtypipe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morgenm%2Fdirtypipe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/morgenm","download_url":"https://codeload.github.com/morgenm/dirtypipe/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/morgenm%2Fdirtypipe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33209504,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-19T07:54:09.561Z","status":"ssl_error","status_checked_at":"2026-05-19T07:54:08.508Z","response_time":58,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exploit","linux","linux-kernel","offensive-security","privilege-escalation","rust"],"created_at":"2025-07-10T22:21:23.319Z","updated_at":"2026-05-19T09:07:23.023Z","avatar_url":"https://github.com/morgenm.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003e **DISCLAIMER**\n\u003e\n\u003e This code is for **educational and research purposes only.** \n\u003e\n\u003e Do not use it on systems you do not own or have permission to test.\n\u003e\n\u003e The author is **not responsible** for any misuse, damage, or legal consequences resulting from the use of this code.\n\n# DirtyPipe (CVE-2022-0847)\nView the writeup for this exploit on my [blog](https://morgenm.github.io/blog/2025/dirtypipe/). This is an implementation of the DirtyPipe ([CVE-2022-0847](https://nvd.nist.gov/vuln/detail/cve-2022-0847)) exploit I wrote in Rust based on [Max Kellermann's writeup](https://dirtypipe.cm4all.com/).\nThe program allows you to overwrite specific files or to overwrite an SUID binary in order to escalate privileges.\n\n## Features\n- Check if kernel version is vulnerable\n- Overwrite any file with data from specified input file\n- Overwrite a SUID binary (default `passwd`) to gain root\n- Backup target files to `/tmp` before exploitation\n\n## Usage\n### Overwriting a file\nFirst create an input file. The data within this file will be used to overwrite the target. Then, simply run the following:\n\n```bash\n./dirtypipe_exploit -m overwrite -i input.txt -o target_file -b offset\n```\n\nWhere offset is the offset in bytes to begin writing in the file. The offset must not be on a page boundary and writing cannot cros a page boundary, due to the nature of the vulnerability.\n\n### SUID for Privilege Escalation\n`SUID` mode will replace a specified SUID binary with a given ELF payload. The `suid` ELF is provided in the release on this repo and will be used by the exploit unless otherwise specified in the options.\nAdditionally, you can generate this on your own, or modify the payload using the `gen_suid.py` pwntools script and the `loader.asm` file. This option will be discussed below.\nThe exploit sets the target to `/usr/bin/passwd` by default.\n\nRun the following to replace `/usr/bin/passwd` with the provided payload (spawns a shell as root):\n```bash\n./dirtypipe_exploit -m suid\n```\n\nThen run `/usr/bin/passwd` to get a root shell.\n\nTo generate your own payload, follow these steps:\n1. Run the `gen_suid.py` script, which uses pwntools to generate a payload (`shellcode.bin`) that spawns a root shell. Modify it as you see fit.\n2. Create the ELF binary payload by running `nasm -f bin -o [PAYLOAD_NAME] loader.asm`. This will turn the `shellcode.bin` file into an executable.\n3. Run `./dirtypipe_exploit -m suid -i [PAYLOAD_NAME] -o [TARGET_FILE]`.\n4. Execute the target to gain root.\n\nThank you to the author of [STALKR's BLOG](https://blog.stalkr.net/) for the 64-bit Tiny ELF header ([here](https://blog.stalkr.net/2014/10/tiny-elf-3264-with-nasm.html)).","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorgenm%2Fdirtypipe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmorgenm%2Fdirtypipe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmorgenm%2Fdirtypipe/lists"}