Alright, So i have a setuid program that forks, and executes a program. I can control what program is executes, but if i run something like /bin/bash, I wont get the shell, since the program forks, so I dont have access to its stdin/stdout. What should I execute so I get access to a root shell.
The program basically runs tidy with execlp so I can add . to the path and add anything to a tidy executabel in the current dir. I ran the program I needed to run, but I get extra credit If i get a shell
I think I got
I'm gonna run a nc reverse shell on a port. Lets see if that work.
EDIT: did not work. the server had openbsd netcat so it does not have -e. What should I do?
EDIT2: nvm... The program sets the uid and gid to mine at the start of the program so It doesn't really matter. The uid is the same is mine, not root.
Linux Geeks doing what Linux Geeks do..