App - Script

mardi 16 octobre 2018, 00:17  #1
App - Script - Bash System 1
altair
altair
  • 1 posts

Hi,
[Ech0 : spoil]

Some advice ?

vendredi 9 novembre 2018, 15:00  #2
App - Script - Bash System 1
gab48
gab48
  • 1 posts

Hi,

This is normal because when you look at the file ch11.c the program aim is to execute the ls cmd on .passwd

vendredi 5 avril 2019, 00:27  #3
App - Script - Bash System 1
qmi
qmi
  • 7 posts

altair, this approach will not work b/c you will lose the SETUID perm on the binary ch11. but you are one step closer 😉

lundi 29 avril 2019, 22:46  #4
App - Script - Bash System 1
nova_cyberninja
nova_cyberninja
  • 1 posts

I try to change the ld preload with
gcc -fPIC -g -c a.c
gcc -shared -o libmylib.so.1.0.1 a.o -lc
export LD_PRELOAD=./libmylib.so.1.0.1
the idea was to hack the funcition system() to made it cat the .passwd but i get
ERROR : ld.so : object ’./libmylib.so.1.0.1’ from LD_PRELOAD cannot be preloaded (cannot open shared object file) : ignored.

mardi 30 avril 2019, 09:29  #5
App - Script - Bash System 1
Th1b4ud
Th1b4ud
  • 1636 posts

No. It’s a lot simpler than that. No need to replace system()

Nouvelle réponse Nouvelle réponse   Nouveau sujet Nouveau sujet