For educational reasons I have to exploit an C-Code
The Programm set the egid first, and then the vulnerability with the system("/usr/bin/...");
Command.
So I made an 'usr' executeable in my Home-Directory and set the Path to the Home PATH=$HOME:$PATH
And I want to change the IFS Variable in the bash to /: export IFS='/'
Unfortunatelly, when i call the C-Programm: my exploit doesn't work
Is anybody able to tell me what is wrong?
Add the IFS as part of your program's call to system()
. System executes the code with /usr/bin/sh -c
. So you can do similar to what you'd in the shell prompt.
system("export IFS='/'; /usr/bin/cmd");
Note that once the child process is terminated, the IFS set will no longer be available in the parent.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With