Linux DirtyClone Local Privilege Escalation Exploit

This module exploits DirtyClone, a local privilege escalation vulnerability in the Linux kernel. The trigger binary abuses the vulnerability to execute a caller-supplied custom ELF with root privileges. The module uses this mechanism to execute a generated Core Impact agent ELF. The module uploads the DirtyClone trigger binary and a generated Core Impact agent ELF with random names to the temporary directory given in the TMP_DIR parameter. If no parameter is provided, the module will use "/tmp" as the default value. The exploit is executed as the uploaded trigger binary with the uploaded agent path as its custom ELF argument. Once the attack is complete, a new Core Impact agent will be deployed on the target system with root user privileges. After the new agent connects, the module attempts to drop filesystem caches with the "sysctl" command and removes the uploaded trigger and agent binaries.
Exploit Platform
Product Name