Exploit Exercises Nebula Level 01 - SemilleroSeguridadInformatica/Sem-Security GitHub Wiki

Exploit Exercises Nebula - Level 01

About

There is a vulnerability in the program below that allows arbitrary programs to be executed. Can you find it?

To do this level, log in as the level01 account with the password level01. Files for this level can be found in /home/flag01.

Source code

#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <stdio.h>

int main(int argc, char **argv, char **envp)
{
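  gid_t gid;
  uid_t uid;

  /* Take the effective IDs the process is running with */
  gid = getegid();
  uid = geteuid();

  /* Set the real, effective and saved IDs to those effective IDs */
  setresgid(gid, gid, gid);
  setresuid(uid, uid, uid);

  /* Run a command line through the shell */
  system("/usr/bin/env echo and now what=");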
}