undefined | Better HN

0 pointsstackghost1mo ago0 comments

The call to zlib basically overwrites a minimal ELF into a portion of the `su` binary, which exceve's /bin/sh.

0 comments

1 comments · 1 top-level

To be specific, the zlib'd binary basically does this (except that it directly uses Linux syscalls to do so rather then C wrappers):

    setuid(0);
    execve("/bin/sh", NULL, NULL);
    exit(0);

j / k navigate · click thread line to collapse