Leviathan2 presents us with a small binary that belongs to the user leviathan3 and the group leviathan2. The program contains a small security hole that can be exploited using a symbolic link. To understand how the program works and what happens behind the scenes when it executes, we will use a few Linux commands and techniques.
- Updated with current solution
- Made more readable
For this updated tutorial, we create a directory and a file with a space in the name, all in one go:
We can see that the function access() and /bin/cat are both being called on the file. access() checks permissions based on the process's real user ID rather than the effective user ID. We can also see that /bin/cat is being…
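A hardened form of the check-then-read pattern described above, as an added example that is not code from the original post or from the level's binary: instead of asking access() about a name and then handing that name to /bin/cat, it opens the file once with the real user's privileges, refuses a symbolic link in the final path component, and reads from the descriptor. The function names `open_as_real_user` and `print_file` are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` for reading as the real user.
 * Returns a descriptor, or -1 with errno set. */
int open_as_real_user(const char *path)
{
    uid_t saved = geteuid();
    if (seteuid(getuid()) != 0)        /* drop to the real UID for the open */
        return -1;
    /* O_NOFOLLOW: fail with ELOOP if the last component is a symlink. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    int err = errno;
    if (seteuid(saved) != 0) {         /* restore the effective UID */
        if (fd >= 0) close(fd);
        return -1;
    }
    if (fd < 0) { errno = err; return -1; }
    struct stat st;                    /* type check on the fd, not the name */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Copy the file to stdout from the descriptor; the name is never re-resolved
 * and never passed through a shell, so spaces in it have no special meaning. */
long print_file(const char *path)
{
    int fd = open_as_real_user(path);
    if (fd < 0) return -1;
    char buf[4096];
    long total = 0;
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0) {
        if (write(STDOUT_FILENO, buf, (size_t)n) != n) { total = -1; break; }
        total += n;
    }
    close(fd);
    return (n < 0) ? -1 : total;
}

int main(int argc, char **argv) { return (argc == 2 && print_file(argv[1]) >= 0) ? 0 : 1; }
```

O_NOFOLLOW only covers the final path component; symbolic links in parent directories are still followed.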