I think I got
I'm gonna run an nc reverse shell on a port. Let's see if that works.
EDIT: Did not work. The server had OpenBSD netcat, so it does not have -e. What should I do?
EDIT2: nvm... The program sets the uid and gid to mine at the start of the program, so it doesn't really matter. The uid is the same as mine, not root.
Alright, so I have a setuid program that forks and executes a program. I can control what program it executes, but if I run something like /bin/bash, I won't get the shell, since the program forks, so I don't have access to its stdin/stdout. What should I execute so I get access to a root shell?
The program basically runs tidy with execlp, so I can add . to the path and add anything to a tidy executable in the current dir. I ran the program I needed to run, but I get extra credit if I get a shell.
Btw, a while back somebody posted a question about how people spell "Axe".
Apparently people in America are said to spell it as "Ax" but no one actually does ...
But then I was playing The World Ends with You, and that game had a dialogue where one of the NPCs spelled "Axe" as "Ax", so I guess there's some truth to it.