Updated: 2022-12-18 11:34:03
Since binary1 is setuid binary1cracked and invokes system, you should be able to invoke binary1 with a modified PATH and therefore do anything that user binary1cracked can do. For example, supply your own version of ls that reads the .passwd file and place this ls into your custom PATH.
With bash you can supply a custom PATH by invoking a command like this at the prompt:
$ PATH=/my/custom/path ./binary1
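
The hardened counterpart to the pattern this answer relies on, as an added example that is not part of the original answer or the challenge's own code: a privileged program that runs its helper by absolute path with a fixed environment, so the caller's PATH is never consulted. The function name run_fixed, the /bin/ls location and the fixed PATH value are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child; nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", NULL };

/*
 * Run a helper program by absolute path with a fixed environment
 * (hypothetical helper, not from the original page).
 * Returns the child's exit status, or -1 on error or a non-absolute path.
 * Weak pattern this replaces: system("ls ..."), which starts a shell and
 * resolves "ls" through the caller-controlled PATH.
 */
int run_fixed(const char *abs_path, char *const argv[])
{
    if (abs_path == NULL || abs_path[0] != '/') {
        errno = EINVAL;                 /* refuse anything needing a PATH lookup */
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(abs_path, argv, CLEAN_ENV);  /* no shell, no inherited environment */
        _exit(127);                         /* reached only if execve failed */
    }
    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Simulate a caller who set a custom PATH before invoking the program. */
    setenv("PATH", "/my/custom/path", 1);
    char *const argv[] = { "ls", "-l", "/", NULL };   /* constructed sample call */
    return run_fixed("/bin/ls", argv) == 0 ? 0 : 1;
}
```
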