Exploit Exercises Nebula Level 02 - SemilleroSeguridadInformatica/Sem-Security GitHub Wiki
There is a vulnerability in the program below that allows arbitrary programs to be executed. Can you find it?
To do this level, log in as the level02 account with the password level02. Files for this level can be found in /home/flag02.
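```c
#define _GNU_SOURCE   /* needed for asprintf() and setresgid()/setresuid() */
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <stdio.h>

int main(int argc, char **argv, char **envp)
{
    char *buffer;
    gid_t gid;
    uid_t uid;

    /* Make the effective IDs of the setuid binary the real and saved IDs too. */
    gid = getegid();
    uid = geteuid();

    setresgid(gid, gid, gid);
    setresuid(uid, uid, uid);

    buffer = NULL;

    /* Build a command line from the USER environment variable. */
    asprintf(&buffer, "/bin/echo %s is cool", getenv("USER"));
    printf("about to call system(\"%s\")\n", buffer);

    /* Hand the assembled string to /bin/sh -c. */
    system(buffer);
}
```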
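
For comparison, a hardened counterpart to the program above, added here as an example and not part of the original level or this wiki: it takes the name from the passwd database instead of the caller-controlled `USER` variable, checks it against an allow-list, and runs `/bin/echo` through `execve()` with a fixed argument vector so no shell parses the value. The function names `is_safe_username` and `echo_is_cool`, the character set, and the 32-character limit are assumptions made for this example.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Allow-list (an assumption of this example): 1..32 chars of [A-Za-z0-9_-], no leading '-'. */
int is_safe_username(const char *s)
{
    size_t n;
    if (s == NULL || s[0] == '\0' || s[0] == '-')
        return 0;
    n = strspn(s, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-");
    return s[n] == '\0' && n <= 32;
}

/* Run /bin/echo with a fixed argv and an empty environment; no shell is involved.
 * Returns echo's exit status, or -1 if the name is rejected or the call fails. */
int echo_is_cool(const char *name)
{
    char *const envp[] = { NULL };
    pid_t pid;
    int status;

    if (!is_safe_username(name))
        return -1;
    fflush(stdout);                 /* avoid duplicated buffered output after fork */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Each element is passed to echo as one literal argument. */
        char *const argv[] = { "echo", (char *)name, "is", "cool", NULL };
        execve("/bin/echo", argv, envp);
        _exit(127);                 /* only reached if execve failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Look the name up by real UID rather than trusting the environment. */
    struct passwd *pw = getpwuid(getuid());
    return (pw != NULL && echo_is_cool(pw->pw_name) == 0) ? 0 : 1;
}
```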