dcow is a possible exploit of the vulnerability CVE-2016-5195. Running the program as unprivileged user on a vulnerable system, it'll modify the /etc/passwd file, forcing the password "dirtyCowFun" (SHA-512, but could be modified for older standards). In case of successful execution, doing a "su" with that password, a root shell will be available. Using the -s option (recomended), a root shell will be automatically opened. A backup of the original /etc/passwd will be created in the current execution directory as .ssh_bak, if dcow is used with no options or with -n (see example below).

A CVE-2016-5195 vulnerable system.

The program was successfully used with:

• RHEL7 Linux x86_64;
• Debian 7 ("wheezy");
• Ubuntu 14.04.5 LTS
• Ubuntu 16.04.1 LTS
• Ubuntu 16.10
• Linux Mint 17.2

and compiled with:

• clang version 4.0.0;
• gcc version 6.2.0 20161005 (Ubuntu 6.2.0-5ubuntu12)
• gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.1)
• gcc version 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC);
• gcc version 4.8.4 (Ubuntu 4.8.4);
• gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
• gcc version 4.7.2 (Debian 4.7.2-5);

EDB-ID: 40847

https://www.exploit-db.com/exploits/40847/

• Compile the program: make

• Start the program:
  ./dcow
  or
  ./dcow -s # Automatically open a root shell and restore the passwd file.
  ./dcow -s -n # Automatically open a root shell but doesn't restore the passwd file.

• Online help:

  ./dcow -h

In the "wiki" section of this page is present a partial list of the vulnerable kernels/distros.