Skip to content

Instantly share code, notes, and snippets.

@shankaraman

shankaraman/vuln.c

Last active August 29, 2015 14:22
Show Gist options
  • Save shankaraman/fb39c51f644e8a3e5aa7 to your computer and use it in GitHub Desktop.
Save shankaraman/fb39c51f644e8a3e5aa7 to your computer and use it in GitHub Desktop.
Download ZIP
Vulnerable Program
Raw
vuln.c
#include<stdio.h>
#include<unistd.h>
void a();
void b();
void c();
void a()
{
char *dummy[] = {NULL,"dummy"};
execve("/bin/sh",dummy,NULL);
perror("execve");
}
void b()
{
printf("\nHello World\n");
}
void c()
{
char buf[512];
printf("Address of a(): %p\n", a);
printf("Addres of buf: %p\n",buf);
printf("uid is:%u\teuid is:%u\n",getuid(),geteuid());
read(0,buf,1024);
}
int main()
{
c();
return 0;
}
Copy link

ghost commented Jun 8, 2015

  1. Remove the lines
    printf("You just entered\n");
    puts(bug);

No need for that.

  1. Instead of "Reading input...\n", make it print the current uid.
  2. Make the binary setuid; also add the command line commands to make it uid as comments at the start of the c program so that you can use it for reference. When run the binary should run as root.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment