Saturday, 29 October 2016

Dirty COW: Halloween Special

Halloween Special: The Dirty COW

It's more than likely that you have already heard about the Dirty COW vulnerability. In this post, I will give you the complete picture of it, including details you won't find anywhere else. This is the Halloween Special!
 
Dirty COW is a serious security vulnerability in the Linux kernel. GNU/Linux is considered to be the most secure operating system, and indeed it is, but Dirty COW can defeat all of that security in about 5 seconds. It can be used to gain root access to the computer with a single command line, by running a very small, non-interactive program.

Bonus: Dirty COW can be used to easily root all Android devices up to Android 7.

History of Dirty COW

 

Dirty COW has been around for about a decade: it has been lurking in the Linux kernel since version 2.6.22, which was released about nine years ago (September 2007). Fortunately, it became widely known only in late 2016, and it has been under active exploitation since October. Unfortunately, all major distros have patched the bug (ah, I mean fortunately).

There is some evidence suggesting that the bug was known to Linus Torvalds, the creator of Linux, but that fixing it broke something else, so this very serious problem was left alone.

By the way, it is called Dirty because it really is dirty, and COW because it has to do with the kernel's copy-on-write mechanism. Read on to understand it completely, even if you are a Windows user.

How does it work?

To understand Dirty COW, you first need to understand how the Linux kernel manages memory. (Relax, it is very simple).

The kernel does not hand physical memory to programs directly; instead it works with what is called virtual memory (for efficiency reasons).

Every program is allotted its own memory by the operating system. Suppose that in memory cell A a program, P, has stored the bits 111, and another program, Q, wants to store the same data (111). Instead of giving Q another cell of memory, the Linux kernel gives it the same cell that P uses (memory cell A). Now suppose Q wants to change 111 to 100. The kernel makes a copy of memory cell A, call it B, and makes Q point to B, which now holds 100. P and Q now have different data in different memory cells. This technique is known as Copy-on-Write, or COW for short.
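To see copy-on-write in action on a real Linux system, here is an added example (my own code, not part of the original post) that maps a file privately, writes through the mapping and then checks that the file on disk is untouched. That unchanged file is exactly the guarantee the kernel is supposed to give, and the one Dirty COW broke. The function name private_write_stays_private and the temporary file path are my own choices; the program only exercises the normal, documented mmap behaviour.

```c
/* Added example (not from the original post): shows the copy-on-write
 * behaviour the paragraph describes, using a MAP_PRIVATE file mapping.
 * A write through a private mapping lands in the process's own copy of
 * the page; the file on disk must stay unchanged. Dirty COW is precisely
 * a kernel bug that broke this guarantee. This program only exercises the
 * normal, documented behaviour and does not touch the bug. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample content for the temporary file (the "111" of the post). */
static const char ORIGINAL[] = "111";

/* Creates a temp file containing ORIGINAL, maps it MAP_PRIVATE with write
 * permission, overwrites the mapping with "100" (the "100" of the post), and
 * then re-reads the file from disk. Returns 1 if the file still holds
 * ORIGINAL (correct COW behaviour), 0 if the write reached the file,
 * -1 on a setup error. */
int private_write_stays_private(void)
{
    char path[] = "/tmp/cow_demo_XXXXXX";   /* hypothetical scratch file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;

    if (write(fd, ORIGINAL, sizeof ORIGINAL - 1) != (ssize_t)(sizeof ORIGINAL - 1)) {
        close(fd); unlink(path); return -1;
    }

    /* Re-open read-only: this mirrors the "read-only file" in the post. */
    int rofd = open(path, O_RDONLY);
    close(fd);
    if (rofd < 0) { unlink(path); return -1; }

    long pagesz = sysconf(_SC_PAGESIZE);
    /* PROT_WRITE on a MAP_PRIVATE mapping of a read-only fd is allowed: the
     * kernel promises to give this process its own copy on the first write. */
    char *map = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE, rofd, 0);
    if (map == MAP_FAILED) { close(rofd); unlink(path); return -1; }

    memcpy(map, "100", 3);                    /* triggers the copy-on-write */
    int mapping_changed = memcmp(map, "100", 3) == 0;

    char disk[4] = {0};
    ssize_t n = pread(rofd, disk, 3, 0);      /* read straight from the file */

    munmap(map, pagesz);
    close(rofd);
    unlink(path);

    if (n != 3 || !mapping_changed) return -1;
    return memcmp(disk, ORIGINAL, 3) == 0 ? 1 : 0;
}

int main(void)
{
    int r = private_write_stays_private();
    if (r == 1) puts("write stayed in the private copy; file unchanged");
    else if (r == 0) puts("write reached the file: COW guarantee broken");
    else puts("setup error");
    return r == 1 ? 0 : 1;
}
```

On a healthy kernel this always reports that the file is unchanged: the process sees 100 through its mapping while the file still says 111. Dirty COW was not about a single write like this one; it needed the race described further down, so this program is a demonstration of the mechanism, not a test for the bug.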

Another thing you need to understand is the race condition. A race condition is an abnormal situation that arises when two or more processes (or threads) of a program, whose operations are supposed to happen in a particular order relative to each other, don't keep to that order: for example, the step that should happen last happens before the first one, and so on.
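A race condition is easiest to believe once you have watched one lose data. The following is an added example (my own code, not from the original post): two processes share one counter and each adds to it 200,000 times. Without synchronisation, the read-add-write sequences of the two processes interleave and some increments vanish; with an atomic add, every increment survives. The function names racy_total, safe_total and expected_total, and the worker and iteration counts, are my own constructed choices.

```c
/* Added example (not from the original post): a race condition between two
 * processes, the ingredient the paragraph describes. Both children
 * increment one shared counter; without synchronisation some increments
 * are lost, with an atomic add every increment survives. The counter lives
 * in a MAP_SHARED anonymous mapping so both processes see the same memory. */
#define _GNU_SOURCE
#include <stdatomic.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

#define WORKERS 2            /* constructed: number of racing processes */
#define ITERATIONS 200000    /* constructed: increments per process */

struct shared {
    volatile long plain;     /* load, add, store: not atomic, the race target */
    atomic_long safe;        /* hardware atomic add: no lost updates */
};

/* The total every run should reach if nothing is lost. */
long expected_total(void) { return (long)WORKERS * ITERATIONS; }

/* Runs the experiment and returns the final counter value, or -1 on error. */
static long run_counter(int use_atomic)
{
    struct shared *s = mmap(NULL, sizeof *s, PROT_READ | PROT_WRITE,
                            MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (s == MAP_FAILED) return -1;
    s->plain = 0;
    atomic_init(&s->safe, 0);

    for (int w = 0; w < WORKERS; w++) {
        pid_t pid = fork();
        if (pid < 0) { munmap(s, sizeof *s); return -1; }
        if (pid == 0) {
            for (long i = 0; i < ITERATIONS; i++) {
                if (use_atomic)
                    atomic_fetch_add(&s->safe, 1);
                else
                    s->plain = s->plain + 1;   /* read, add, write back: interleavable */
            }
            _exit(0);
        }
    }
    for (int w = 0; w < WORKERS; w++) wait(NULL);   /* collect both children */

    long result = use_atomic ? atomic_load(&s->safe) : s->plain;
    munmap(s, sizeof *s);
    return result;
}

long racy_total(void) { return run_counter(0); }   /* usually < expected_total() */
long safe_total(void) { return run_counter(1); }   /* always == expected_total() */

int main(void)
{
    printf("expected %ld, racy %ld, atomic %ld\n",
           expected_total(), racy_total(), safe_total());
    return 0;
}
```

The racy total is never larger than expected and on a multi-core machine is normally smaller; how much smaller changes from run to run, which is the "abnormal" part. Dirty COW is a race of this kind inside the kernel, triggered on purpose and repeated until the wrong interleaving occurs.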

One last thing you need to understand is the Dirty COW bug itself. It shows up when a program with multiple processes triggers such a race condition over and over again.

In this paragraph, I will finally explain how the Dirty COW exploit works. A process opens a read-only file owned by root, and the file gets loaded into virtual memory. Another process opens the same file. The first process advises the kernel that the file is no longer needed, while the other process tries to write to a copy of it (not the original, as it can't). This happens very rapidly and repeats in a loop until the bug is triggered: due to the bug, the kernel writes to the original file on disk. The file written to could be an executable, which could be modified to give root access to a normal user. This can be very, very dirty!


How to protect yourself?


1. Disconnect from all networks, as there are some exploits which can allow any user on the same network to run non-root commands on your node.

2. Update the kernel.

3. If everything else fails, get the latest kernel from kernel.org and compile it yourself.


How to exploit it?


You cannot exploit it much, as the news spread faster than fire and everyone patched up. Still, if you find a vulnerable kernel, you can do the following.

Note: This post is intended for educational purposes only. Be sure that you have the permission of the owner of the computer you will be trying to exploit. I highly discourage the use of this post in criminal activity.

cowroot is the name of the program that lets you do it. Just click on the link and see if you can get anything done. Again, I demand that this information not be used for malicious purposes.


I hope that you liked the post. Please drop a line to encourage the author to write more. If you have any advice, suggestions, questions, just tell me in the comments.

Introduction To Command Line For The Complete Beginner

The Command Line

Kids today! They waste a huge amount of time looking around for icons. Silly mouse pushers. The main tool of a power computer user is the command line. Instead of graphics, the command line offers text input and output, with the advantage that it is very fast and efficient. Instead of looking around for icons and buttons, all you have to do is type a simple command. In this post, I will show you how to use the command line and get work done fast.

The command line is an essential tool for a system administrator, a programmer and a power user. The GUI makes easy things easy, while the command line makes difficult things possible. Sadly, many don't even know what the command line is, or have misconceptions about it.

Early computers couldn't display graphics and worked only with text. Later the GUI came along and the command line was buried inside it; that is, the command line is still there, as a separate application.

On *NIX systems it is known by various names and I assume you know how to start it. For Mac and Windows users, here are the instructions.

Windows

On Windows the command line is PowerShell. There is also the old Command Prompt, but it is obsolete. If you don't have PowerShell, you can get it from the Microsoft website. Relax, it is free. Start it the usual way.

Mac OS X

On OS X it is called Terminal. Start it like any other application ;-).


Once you start the command line, you will see a prompt like the following:

Screenshot: PowerShell on Windows

Screenshot: Terminal on Mac OS X

The Screenshot Explained

Here is the general structure of the prompt shown in the screenshot:
  1. The folder you are in: C:\ in PowerShell. Note the ~ in Terminal, which means the user's home directory.
  2. A cursor.
  3. Terminal has some extra information: localhost is the name of the computer while midnite is the user's name.

Navigating Around the Computer

You interact with the command line by typing commands. Right now type the following and notice the output:

     $ ls

Type only ls, not the $ sign. The $ sign is often used to indicate a generic prompt, so get used to it and don't type it.

The ls command lists the contents of the folder/directory you are currently in. That is, it will tell you which folders and files are located inside your current folder/directory.

Now let's try some other commands.

To move to a different folder use the cd command. But you need to understand a few things before that.

Suppose your current folder is called playground. It contains another folder called swing, and playground itself is located inside C:/ (Windows) or ~ (Mac). You can locate the swing folder in two ways: by absolute path or by relative path. A path is the location of a file or folder written out as text. The path to the swing folder would be:

C:/playground/swing (Windows)
~/playground/swing (OS X)

These are the absolute paths to swing: no matter where you are, you can reach swing by following this path. Note that / is used to separate folders in a path.

A relative path works like this: instead of starting from the root (C:/ or ~), you start from the current folder (playground in this case). So the relative path to swing, when you are in the playground folder, is simply swing.

You can now change to a directory by providing cd with the path to that directory, like this:

    PS C:/> cd C:/Windows
    % cd ~/Documents


Intermission

Anything is learned by practising. Here is an exercise to burn what you learned just now into your brain. Open a GUI file explorer (like Windows Explorer) and go to a folder. Now try to go to the same folder using the command line and list its contents. Repeat until you get bored.

File Operations

You can do (almost) everything using the command line that you can do using the GUI. Some of the common operations are moving, copying or deleting files/folders. But before doing that, let's create a practice folder in which we can experiment.

To create a folder use the mkdir command like this:

    $ mkdir name_of_the_folder

Replace name_of_the_folder with the desired folder name. This command creates a folder inside the current folder. Try creating a folder called practice and cd into it to make it your current working directory/folder.

Now open a text editor (like Notepad or TextMate) and create a file called cool.txt in the practice directory. We will perform various file operations on this file using the command line.

Moving/Renaming Files

In the command line, moving and renaming are the same thing. The following example will make that clear. To move or rename a file we use the mv command. You must give it two pieces of information: the target file and where to move it. If the destination path is the same as the path of the target file but the name is different, the target is renamed. Here, let me show you:

    $ cd practice
    $ ls
    cool.txt
    $ mv cool.txt uncool.txt
    $ ls
    uncool.txt
    $ mv uncool.txt C:/

The first mv renames cool.txt to uncool.txt, and the second mv moves uncool.txt to C:/, where C:/ can be any valid path. Easy, isn't it?

Copying Files

Copying works similarly. To copy a file use the cp command. You can copy and rename at the same time:

    $ ls
    uncool.txt
    $ cp uncool.txt cool.txt
    $ ls
    cool.txt uncool.txt

Cool, right?

Deleting Files

Deleting a file is rather simple. Use the rm command (which stands for remove):

    $ ls
    cool.txt uncool.txt
    $ rm uncool.txt
    $ ls
    cool.txt

Directory Operations

There's nothing special for directory operations. The same mv, cp and rm commands also work with directories.

Note: On Mac OS X, you must use rm -r to delete a directory.

Further Study

We have only scratched the surface. The command line is much more powerful; so powerful that I doubt what we covered here is even 1% of the command line tricks available. Fortunately, you don't have to learn 100%, just enough to accomplish your daily tasks. Just keep in mind that the command line is not hard, it's just a bit vast.

Here are some of the links to help you learn more:

Windows PowerShell Tutorial for Beginners with examples
Command Line Cheat Sheet Download


Please let us know if you liked the post in the comments. If you have any kind of questions, suggestions, etc. please do tell us through the comments. You can post anonymous comments as well.