I got a moddified ls:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
int main(int argc, char **argv){
char command[50];
strcpy(command,"/bin/ls ");
gid_t egid = getegid();
setregid(egid, egid);
if(argc > 1) {
if(strlen(argv[1]) > 40) {
printf("The command you have given is too long, try again.\n");
return 0;
}
strcat(command,argv[1]);
system(command);
}else{
printf("This is a special NSA-modified 'ls' program. See 'man ls' for further details on how to use it.\n");
printf("USAGE: %s [flags & files]\n",argv[0]);
}
return 0;
}
i have to execute a program called get-code but i don't have the privileges to execute it without the ls(the modified ls is in the same directory as the get-code program), so how can i fool the system() to execute the get-code using the modified ls?
The key is this line: strcat(command,argv[1]);
How can you make it so command does more than just ls?
To execute multiple commands on the same line, you can separate them with the ;
character. So echo "hello"; echo "world"
echo "hello"; echo "world"
will have the shell execute both of those commands, one after the other. Knowing that, how can you make system(command);
execute get-code
after ls
?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.