Android - How to use dirty cow exploit?

The reason the command isn't working for you is because "su" is a binary that gets installed by rooting your device. Without a proper root you have no "su" command.

In order to use the dirtycow exploit you have to compile the binary for your device's architecture.

  • Head over to https://github.com/timwr/CVE-2016-5195 and download or git clone the files.
  • (Optional) If you do not know your device architecture then on the phone install the "Droid Hardware Info" app from Play Store, open it, and swipe left to get to the System tab. Next to the label "Instruction Sets" will be your supported architecture.
  • On your computer open a terminal and navigate to where the dirtycow files are (extract if needed). Then simply type "make (insert architecture here)" without the quotes. This will create two binaries inside the folder at libs/(your_architecture)/ called dirtycow & run-as. Alternatively, if you have USB Debugging enabled then simply attach the device and type "make root" and it will push the binaries into your device at /data/local/tmp, then automate a few ADB commands to exploit and grant you a limited root shell.
  • If you don't see the terminal user icon as # and instead see a $ then the exploit didn't work at some point. Since the files are still on the device I would suggest to then try and manually patch run-as by using adb shell and typing the following...

chmod 777 /data/local/tmp/*

dirtycow /data/local/tmp/run-as /system/bin/run-as

/system/bin/run-as

If this doesn't prompt you as root user (#) then the exploit won't work for your device in this fashion and you'll need to do some digging why not. If this happens try opening an Issue on the Github repo, it's still pretty active so you should have an answer before long.