(Kernel Security) level 3
(Kernel Security) level 3
Information
- category: pwn
Description
Ease into kernel exploitation with another crackme level, this time with some privilege escalation (whoami?).
Explit
Call win function by send correct password, then spawn "/bin/sh".
1
2
3
4
5
6
7
8
9
10
11
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
int main() {
int fd = open("/proc/pwncollege", O_RDWR);
printf("UID BEFORE:%d", getuid());
write(fd, "dylgcsgflojsupql", 16);
printf("\nUID AFTER:%d", getuid());
execl("/bin/sh", "/bin/sh", 0);
}
This post is licensed under CC BY 4.0 by the author.