
A collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.


Dirty Pipe


A collection of exploits and documentation for penetration testers and red teamers that can be used to aid the exploitation of the Linux Dirty Pipe vulnerability.

About The Vulnerability

  • Dirty Pipe (CVE-2022-0847) is a local privilege escalation vulnerability in the Linux kernel that could potentially allow an unprivileged user to do the following:
    • Modify/overwrite arbitrary read-only files like /etc/passwd.
    • Obtain an elevated shell.

Affected versions

DirtyPipe Vulnerability Scanner

Compiling the exploit

  • A bash script is provided that automates the compilation of both exploits.
  • To compile the exploits successfully, you need to have GCC installed.
sudo apt-get install gcc
  • After installing GCC, you can run the script as follows:
chmod +x

Exploit-1 - Modifying/overwriting read only files

  • This repo contains 2 exploits. The 'exploit-1.c' exploit can be used to modify or overwrite arbitrary read-only files.
  • This exploit is a proof of concept that was developed by Max Kellermann and has been modified to change the root password in the /etc/passwd file, consequently providing you with access to an elevated shell.

Running the exploit binary

  • The exploit code has already been configured to replace the root password with the password "piped" and will take a backup of the /etc/passwd file under /tmp/passwd.bak. Furthermore, the exploit will also provide you with an elevated root shell and will restore the original passwd file when done.

Exploit-2 - Hijacking SUID binaries

  • This exploit can be used to inject and overwrite data in the read-only memory of SUID processes that run as root.

Finding SUID binaries

find / -perm -4000 2>/dev/null
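
From the defender's side, the same find query can feed an integrity baseline for SUID binaries. The script below is an added example, not part of this repository; the function names are hypothetical and the sample files are constructed in a scratch directory.

```bash
# Added example (hypothetical function names): detect drift in SUID binaries.

# Print "sha256  path" for every regular SUID file under $1, sorted by path.
# -xdev keeps the walk on one filesystem (skips /proc, network mounts).
suid_manifest() {
    find "$1" -xdev -type f -perm -4000 -exec sha256sum {} + 2>/dev/null | sort -k2
}

# Compare a baseline manifest ($1) with a current one ($2).
# Prints NEW / CHANGED / REMOVED lines; returns 1 if there is any drift.
suid_drift() {
    _drift=$(awk '
        { path = substr($0, 67) }            # 64 hex chars + 2 separators
        FILENAME == ARGV[1] { base[path] = $1; next }
        { seen[path] = 1 }
        !(path in base)  { print "NEW " path; next }
        base[path] != $1 { print "CHANGED " path }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | sort)
    [ -z "$_drift" ] && return 0
    printf '%s\n' "$_drift"
    return 1
}

# Constructed sample: a scratch directory standing in for /usr/bin.
suid_demo() {
    d=$(mktemp -d) || return 2
    printf 'original\n' > "$d/helper"; chmod 4755 "$d/helper"
    suid_manifest "$d" > "$d/baseline.txt"
    printf 'tampered\n' > "$d/helper"; chmod 4755 "$d/helper"   # content changes
    printf 'extra\n'    > "$d/added";  chmod 4755 "$d/added"    # new SUID file
    suid_manifest "$d" > "$d/current.txt"
    suid_drift "$d/baseline.txt" "$d/current.txt" | sed "s|$d/||"
    rm -rf "$d"
}
```

On a real host, run suid_manifest / from a known-good state, keep the output off the machine, and compare later runs against it with suid_drift.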

Running the exploit binary

./exploit-2 /usr/bin/sudo

Important Note

  • I do not claim credit/ownership/disclosure of the vulnerability and all corresponding exploits hosted in this GitHub repo.
  • All the credit goes to the awesome Max Kellermann; you can check out the official disclosure here:


