Path Hijacking
LD_PRELOAD
Check if you can write into the path of privileged binaries, you might be able to abuse the library load order. Check wich functions a binary uses via objectdump -T
. To use these preload attacks with sudo in /etc/sudoers
there must be env_keep += LD_PRELOAD
Preload example payload
Compile preload example payload
When playing with the linker configs run ldconfig
afterwards or it wont update the linker cache.
Last updated