App - Script
App - Script - netstat parsing
Hi guys,
I really need an hint about this challenge, because i’m freaking out.. Reading the previous posts I realized that trying to create a socket with Recv-Q == Send-Q is simply useless, though the "cmd | getline" part of the script seems something vulnerable to me.
Another exploit I tried was to override the cleanup function, which always run 5 seconds later, but it seems that we can’t override the environment because with a setuid we’re in the root one, which is out of the ’user’ scope..
The executable is not using some custom function/library that I could overwrite using the LD_LIBRARY_PATH technique, and LD_PRELOAD can’t be used with a setuid binary.
The script uses full paths for calling the required executables, so I can’t exploit them changing the PATH (and maybe all the changes would be useless because of the setuid too).
I also tried to alter the netstat output, reasoning on the /proc/ folder content, but it’s obviously not editable.
I just can’t figure it out guys, maybe I’m overthinking it...any hint would be appreciated.
(bye from Italy and from the covid19)