is_dirty_pipe

1. #!/usr/bin/env python
2. # -*- coding: utf-8 -*-
3. # Filename: is_dirty_pipe.py
4. # Version: 1.00
5. # Author: Jeoi Reqi
6.  
7. """
8. This script checks if the system is vulnerable to the Dirty Pipe exploit (CVE-2022-0847).
9. It attempts to exploit the vulnerability by writing one byte to a specified file at offset 1.
10. If the write operation fails due to a permission error, the system is considered vulnerable.
11. Otherwise, it is assumed to be not vulnerable.
12.  
13. Requirements:
14. - Python 3.x
15. - Linux (as the Dirty Pipe exploit specifically targets the Linux kernel)
16.  
17. Functions:
18.    is_vulnerable(path):
19.        Check if the system is vulnerable to the Dirty Pipe exploit by attempting
20.        to write one byte to the specified file at offset 1.
21.  
22.    main():
23.        The main function of the script. Calls is_vulnerable function and prints
24.        the vulnerability status.
25.  
26. Usage:
27.    To use this script, simply run it from the command line:
28.    $ python is_dirty_pipe.py
29.  
30. Additional Notes:
31. - This script does not actually exploit the vulnerability but rather tests
32.  for its presence by attempting to perform a write operation.
33. - It assumes that a permission error indicates vulnerability to the Dirty Pipe exploit.
34. - It is important to run this script with appropriate permissions, as it attempts to
35.  write to a file which might require elevated privileges.
36. """
37.  
38. # Obscure the Linux-specific file path
39. Is_ = "/et"
40. dirt = "c/sha"
41. y_Pi = "d"
42. pe = "ow"
43. FILE_PATH = (
44.     Is_ + dirt + y_Pi + pe
45. )  # Obscured Linux user login password hashes are stored here.
46.  
47.  
48. def is_vulnerable(path):
49.     """
50.    Check if the system is vulnerable to the Dirty Pipe exploit.
51.  
52.    This function attempts to write one byte to the specified file at offset 1.
53.    If the write operation fails due to a permission error, the system is considered vulnerable.
54.    Otherwise, it is assumed to be not vulnerable.
55.  
56.    Args:
57.        path (str): The path to the file to be checked for vulnerability.
58.  
59.    Returns:
60.        bool: True if the system is vulnerable, False otherwise.
61.    """
62.     try:
63.         # Open the file in read-only mode
64.         with open(path, "rb") as f:
65.             # Attempt to write one byte at offset 1
66.             f.seek(1)
67.             f.write(b"\x00")
68.         return False  # If write succeeds, the system is not vulnerable
69.     except PermissionError:
70.         return True  # If write fails due to permission error, system is vulnerable
71.     except Exception as e:
72.         print(f"Error occurred:\n - {e} -\n\t   Are you running a Linux machine?\n")
73.         return False  # If any other error occurs, assume system is not vulnerable
74.  
75.  
76. def main():
77.     """
78.    The main function of the script.
79.  
80.    Calls is_vulnerable function and prints the vulnerability status.
81.    """
82.     if is_vulnerable(FILE_PATH):
83.         print("System is vulnerable to Dirty Pipe exploit (CVE-2022-0847)")
84.     else:
85.         print("System is not vulnerable to Dirty Pipe exploit (CVE-2022-0847)")
86.  
87.  
88. if __name__ == "__main__":
89.     main()
90.