Bash: System 1¶

root-me challenge: ELF32-System-1: Find your path, padawan!

Source

#include <stdlib.h>
#include <stdio.h>
 
/* gcc -m32 -o ch11 ch11.c */
 
int main(void) 
{
	system("ls /challenge/app-script/ch11/.passwd"); 
	return 0;
}

The ls command is not using an absolute path.

Resources¶

• Dangers of SUID Shell Scripts

• SUID Privileged Programs

Counter moves¶

This challenge abuses unsanitised input reaching a shell. Input validation and avoiding shell interpolation are the defensive answers. Seen from the other side, this sits in the blue notes on the application layer as a target.