App - Script

Tuesday 16 October 2018, 00:17  #1
App - Script - Bash System 1
altair
altair
  • 1 posts

Hi,
[Ech0 : spoil]

Some advice?

Friday 9 November 2018, 15:00  #2
App - Script - Bash System 1
gab48
gab48
  • 1 posts

Hi,

This is normal because when you look at the file ch11.c the program aim is to execute the ls cmd on .passwd

Friday 5 April 2019, 00:27  #3
App - Script - Bash System 1
qmi
qmi
  • 7 posts

altair, this approach will not work b/c you will lose the SETUID perm on the binary ch11. but you are one step closer 😉

Monday 29 April 2019, 22:46  #4
App - Script - Bash System 1
nova_cyberninja
nova_cyberninja
  • 1 posts

I try to change the ld preload with
gcc -fPIC -g -c a.c
gcc -shared -o libmylib.so.1.0.1 a.o -lc
export LD_PRELOAD=./libmylib.so.1.0.1
the idea was to hack the funcition system() to made it cat the .passwd but i get
ERROR: ld.so: object ’./libmylib.so.1.0.1’ from LD_PRELOAD cannot be preloaded (cannot open shared object file): ignored.

Tuesday 30 April 2019, 09:29  #5
App - Script - Bash System 1
Th1b4ud
Th1b4ud
  • 1636 posts

No. It’s a lot simpler than that. No need to replace system()

New reply New reply   New topic New topic