C:IFS系统()漏洞
[英]C: IFS System() Vulnerability
问题描述
For educational reasons I have to exploit an C-Code 
出于教育原因,我必须利用C代码
The Programm set the egid first, and then the vulnerability with the system("/usr/bin/..."); 程序首先设置egid,然后设置system("/usr/bin/...");的漏洞system("/usr/bin/..."); Command. 命令。
So I made an 'usr' executeable in my Home-Directory and set the Path to the Home PATH=$HOME:$PATH 所以我在我的主目录中创建了一个'usr',并将路径设置为Home PATH=$HOME:$PATH
And I want to change the IFS Variable in the bash to /: export IFS='/' 我想将bash中的IFS变量更改为/: export IFS='/'
Unfortunatelly, when i call the C-Programm: my exploit doesn't work 不幸的是,当我调用C-Programm时:我的漏洞利用不起作用
Is anybody able to tell me what is wrong? 有人能告诉我出了什么问题吗?
2 个解决方案
解决方案1
4 2012-10-13 14:25:22
Add the IFS as part of your program's call to system() . 添加IFS作为程序调用system() 。 System executes the code with /usr/bin/sh -c . 系统使用/usr/bin/sh -c执行代码。 So you can do similar to what you'd in the shell prompt. 所以你可以做类似于你在shell提示符中的内容。
system("export IFS='/'; /usr/bin/cmd");
Note that once the child process is terminated, the IFS set will no longer be available in the parent. 请注意,一旦子进程终止,IFS集将不再在父进程中可用。
解决方案2
3 已采纳 2012-10-14 18:55:36
I suppose we are studying at the same university, because I am currently confronted with the same problem. 我想我们正在同一所大学学习,因为我目前面临着同样的问题。 I don't want to give you the whole solution, because that would be too easy =) 我不想给你整个解决方案,因为这太容易=)
Your IFS variable is not ignored, but it doesn't work as you might think. 您的IFS变量不会被忽略,但它不会像您想象的那样工作。 When you call the C-Programm there is an additional output in the shell, which refers to the lesspipe. 当你调用C-Programm时,shell中有一个额外的输出,它指的是lesspipe。 With the information in this link and this german link you are able to solve the challenge1 ;) 通过此链接 和此德语链接中的信息,您可以解决挑战1;)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.