I’m on calamity and has successfully gotten to the vuln code, caused the overflow and written a rop chain. When run inside gdb I get a shell as expected and not root (as expected). Without gdb I also get a shell and again without root access. I had expected that popping a shell from inside the vuln app I would have gotten root. Am I missing something? On the right track? Need to just “try harder?”
Thanks feel free to pm.
you forgot something. try to set!!! something
OK I’ve changed my code to use another call to execute commands. I can execute “id” through the vuln in goodluck. it returns :
uid=1000(xalvas) gid=1000(xalvas) groups=1000(xalvas),4(adm),24(cdrom),30(dip),46(plugdev),110(lxd),115(lpadmin),116(sambashare)
Why is it not getting the privs of goodluck which are suid to root.
What am I missing?
Four days in ROP ■■■■ but I got it. P1rs1ng6407 your suggestion didn’t click at first. I finally saw the light.
gj man