// notes/ PrivEsc — Linux
🐧
Sudo Ld Preload
Pre-loading is a feature of LD (Dynamic Linker) which is available on most UNIX systems. This can be exploited by loading a custom library of our choice (as root) before loading a…
#linux privilege escalation#adot8
source · oscp.adot8.com · linux-privilege-escalation/sudo_ld_preload ↗LD_PRELOAD
Pre-loading is a feature of LD (Dynamic Linker) which is available on most UNIX systems. This can be exploited by loading a custom library of our choice (as root) before loading a different library
code
01sudo -lCreate a the malicious library in C
<figure><img src="/files/XbyW2dt1fiRSgGYsh4Ws" alt=""><figcaption></figcaption></figure>Code Breakdown:
- Including standardio, sys/types and standard libraries
- Unset the LD_PRELOAD environment variable
- Set the gid and uid to 0 (which is root)
- Then we want to execute /bin/bash as root (0)
Compile
code
01gcc -fPIC -shared -o shell.so shell.c -nostartfilesUse LD_PRELOAD and another command that we can run as root
code
01sudo LD_PRELOAD=/tmp/shell.so iftop