Wednesday, July 7, 2021

How To Run ANY COMMAND As The Owner Of The Script (setuid)

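1. Save the code below as a.c:
    #include <stdlib.h>   /* system */
    #include <unistd.h>   /* geteuid, setreuid */

    int main(int ac, char **av) {
        /* A command string is required. */
        if (ac < 2)
            return 1;

        /* Set the real UID to the effective UID (the file owner
           once the setuid bit is set). */
        uid_t uid = geteuid();
        if (setreuid(uid, uid) != 0)
            return 1;

        /* Hand the first argument to the shell via system(). */
        system(av[1]);

        return 0;
    }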
2. As userA, compile it:
    gcc a.c -o aaa
3. As userA, set the setuid bit (the leading 4 in the mode):
    chmod 4755 aaa
4. Now anyone who can execute aaa (mode 4755 lets every user) can run any command as userA, like this:
    >aaa 'whoami'
    userA

    >aaa 'touch file1'
    >ls -al file1
    -rw-r----- 1 userA group
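
A narrower variant of the wrapper above, as an added example that is not part of the original post: instead of passing a caller-supplied string to system(), it runs only commands from a fixed allowlist through execve() with a fixed environment. The allowlist entries, their paths, and the names `resolve_allowed` and `target_is_safe` are assumptions made for this example.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical allowlist: short name -> absolute path (assumed locations). */
static const struct { const char *name, *path; } ALLOWED[] = {
    { "whoami", "/usr/bin/whoami" },
    { "id",     "/usr/bin/id" },
};

/* Fixed environment: nothing (PATH, IFS, LD_*) is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Exact-match lookup; anything not listed (or with extra shell text) is NULL. */
const char *resolve_allowed(const char *name) {
    for (size_t i = 0; name && i < sizeof ALLOWED / sizeof ALLOWED[0]; i++)
        if (strcmp(name, ALLOWED[i].name) == 0)
            return ALLOWED[i].path;
    return NULL;
}

/* Target must be a regular file owned by root or the wrapper's owner and
   not writable by group or others, so another user cannot overwrite it. */
int target_is_safe(const char *path, uid_t owner) {
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) return 0;
    if (st.st_uid != 0 && st.st_uid != owner) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

int main(int argc, char **argv) {
    uid_t uid = geteuid();
    const char *path = argc == 2 ? resolve_allowed(argv[1]) : NULL;
    if (path == NULL || !target_is_safe(path, uid)) {
        fprintf(stderr, "usage: %s whoami|id\n", argv[0]);
        return 2;
    }
    if (setreuid(uid, uid) != 0) { perror("setreuid"); return 1; }
    char *const args[] = { (char *)path, NULL };
    execve(path, args, CLEAN_ENV);   /* no shell, so no string parsing */
    perror("execve");                /* reached only if execve failed */
    return 1;
}
```

Built and installed the same way as a.c, this version rejects `'touch file1'` and any other argument that is not an exact allowlist name.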
