It is great to create backdoors using capabilities. E.g: setcap cap_setuid+ep /lib/x86_64-linux-gnu/ld-2.29.so
I was today years old when I learnt that you can run ELF using ld-linux. Useful when the executable bit is not set (and you can't change it).pic.twitter.com/um8ztMnquz
-
-
-
Not sure if I would have noticed the difference in colours with ls --color for a setuid / setcap bin. Nifty.pic.twitter.com/ArDZrLcdcM
- Još 3 druga odgovora
Novi razgovor -
-
-
In addition, if you have a binary that can only be executed by root, this trick allows you to execute it as any user bypassing the permission restrictions (obvious, right?)
-
Yeah, but you would need at least read permission as your current user for that though.pic.twitter.com/nAvRtIeNsa
Kraj razgovora
Novi razgovor -
-
-
What?! No ways
-
Also good when you can upload to a file system mounted with the noexec flag, if I recall correctly. Can’t exec directly? No problem!
- Još 1 odgovor
Novi razgovor -
-
-
Can someone please explain how does this work ? why is there no permission issue when executed with .so file
- Još 1 odgovor
Novi razgovor -
-
-
It's useful too when you have a binary compiled with a different libc. You launch it with the other loader and it doesn't crash. (Heap challenges in CTFs)
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.