Executing Linux Binaries Without Touching Disk - Living Off The Land with DDExec and Dirty Pipe Demo

00:00 - Intro, the stream is here: https://www.twitch.tv/videos/1445106911
00:45 - Start of the video, showing what is new about this technique
02:17 - Running through the example, showing we can change the filename in ps to anything we want
03:15 - Showing what this looks like in the ps output
04:15 - Explaining what I don't like about the example used on the website
04:55 - Explaining what process substitution is, which is a really good way to pass arguments to bash scripts when piping with curl
06:00 - Testing process substitution with DDExec locally
07:45 - Showing how to execute this with DirtyPipe
09:45 - Successful execution of DirtyPipe
10:30 - Showing a DirtyPipe that changes the root password, changing the default password it uses
13:20 - Showing we changed the password, and then trolling myself because this box has PAM_WORDLE installed
14:45 - Finding a DirtyPipe exploit that modifies a SetUID
16:30 - Cheating at our game of Hacker Wordle, to make sure we actually changed the root password earlier.
