App - Script

Tuesday 17 March 2020, 17:36  #1
App - Script - netstat parsing
kr4k3n
  • 1 posts

Hi guys,
I really need a hint about this challenge, because I’m freaking out... Reading the previous posts I realized that trying to create a socket with Recv-Q == Send-Q is simply useless, though the "cmd | getline" part of the script seems like something vulnerable to me.

Another exploit I tried was to override the cleanup function, which always runs 5 seconds later, but it seems that we can’t override the environment because with a setuid we’re in the root one, which is out of the ’user’ scope...

The executable is not using some custom function/library that I could overwrite using the LD_LIBRARY_PATH technique, and LD_PRELOAD can’t be used with a setuid binary.

The script uses full paths for calling the required executables, so I can’t exploit them by changing the PATH (and maybe all the changes would be useless because of the setuid too).

I also tried to alter the netstat output, reasoning on the /proc/ folder content, but it’s obviously not editable.

I just can’t figure it out guys, maybe I’m overthinking it... any hint would be appreciated.

(bye from Italy and from the covid19)

Wednesday 18 March 2020, 22:12  #2
App - Script - netstat parsing
Th1b4ud
  • 1636 posts

Keep trying. Netstat is vulnerable. There are several ways to validate the challenge. And the simplest is not really wanted by the creator.