Say you can send commands with a limited length to a linux server and they will execute as root and you'll get back the output. what is the lowest limit sufficient to pwn that server?
Conversation
Replying to
depends on the cwd, but an easy lower bound is to add a pubkey to /root/.ssh/authorized_keys charwise (nothing prevents me from running many commands right?)
1
1
or better:
echo \#>f
echo \!>>f
echo />>f
...
./f