Root me: Bash — System 1

In this post, we solve one of the “Root me” challenges called “Bash — System 1”. We have a binary file with SUID bit and the C code to understand the binary.

Code:

#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{
setreuid(geteuid(), geteuid());
system("ls /challenge/app-script/ch11/.passwd");
return 0;
}

This code basically prints the content of the file /challenge/app-script/ch11/.passwd . And, ls command relies on the system paths to run the command. So, it looks like we can try to change…

--

--

--

Security Researcher, Penetration Tester, System Programmer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Recovering an overwritten script that’’s still in execution from memory

Every Punk Needs a Landing Page

[LeetCode][python3]0017. Letter Combinations of a Phone Number

A business model for Symfony

Here’s what Drupal 9 is all about

The Drupal 8 icon on a screen pointing to the Drupal 9 icon

A Secured Web portal with WordPress & MySQL using NAT gateway

Adding Thruster Bar to the HUD Part 2

An MVC Approach to Flutter

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cihat Yildiz

Cihat Yildiz

Security Researcher, Penetration Tester, System Programmer

More from Medium

Set up Kali Linux on Virtualbox and network setup(NAT + Host-Only Adapter)

Introduction to Simple Buffer Overflow

Pwning binaries and defeating modern mitigations using rop and ret2libc (foobar 2022 pwn writeup)

Intro to Windows — TryHackMe Walkthrough