App - System

Hello,

The path management is special in Cygwin, you need to use Windows paths in order to avoid getting bad results while exploiting the PE binaries.

For example :
/tmp becomes C:\cygwin64\tmp\

In addition, please remember that you need to use the wrapper.sh script in order to get the right privileges to read the .passwd flag. This script acts like a suid version of the exploited binary. You do not need to use the runas command to get higher privileges on the server.

Ech0