Understanding the Challenge

This challenge builds upon the previous Bash - System 1 level, introducing additional complexity. The goal is to read the .passwd file using the provided C code and a custom bash script.

Key Points

• Familiarize yourself with the functions setreuid and system.
• Objective: Read the .passwd file via the binary ch12.
• Approach: Create a custom directory and script to manipulate the ls command.

Description of the Challenge

The provided C code is as follows:

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

int main(){
    setreuid(geteuid(), geteuid());
    system("ls -lA /challenge/app-script/ch12/.passwd");
    return 0;
}

Mindset for the Approach

Understand Basic Concepts

• setreuid: Sets the real and effective user IDs of the calling process.
• system: Executes a command specified in the string by calling /bin/sh.

Understand the Problem

• The challenge is similar to the previous one but includes the -lA option in the ls command.
• Objective: Read the .passwd file using the binary ch12.

Create the Attack

1. Create a Directory:

   • Create a directory in /tmp.
   • Add this directory to the $PATH.

2. Copy /bin/cat:

   • Copy /bin/cat into the newly created directory.
   • Rename it to ls.

3. Create a Bash Script:

   • Create a bash script named ls to execute cat on .passwd.

Resolution

• The bash script ls should ignore the -lA options by treating them as arguments.
• Modify the script to display the contents of .passwd.

Learn More

For a deeper understanding, explore the following topics:

• Unix File Permissions: Learn about how file permissions work in Unix-based systems.
• Bash Scripting: Dive into the basics and advanced techniques of bash scripting.
• System Calls: Understand various system calls and their uses in programming.