App - System

Wednesday 29 May 2019, 15:52  #1
App - System - ELF x86 - BSS buffer overflow
En9in33r
  • 4 posts

My exploit works correctly except for one thing: the shellcode isn’t run as root. I guess ./ch7 isn’t created by the root user (but ). What’s wrong?

Tuesday 2 July 2019, 19:28  #2
App - System - ELF x86 - BSS buffer overflow
namealias
  • 1 posts

Hello!
That is a problem I also faced. Actually, none of the solutions I have seen after I solved it get the shell with the correct EUID. You have to modify your shellcode so that it sets the EUID and UID of the current process to the UID of app-systeme-ch7-cracked.
Hint: use the 0x46 syscall, not the classical 0x17! Here is the ref: https://syscalls.kernelgrok.com/
Good luck!! If you solve it, try writing a correct solution, I'm too lazy..