Einstein
So in this challenge, we connect to an SSH server and we list the files:
In the learn.c file we see the following code where the cat binary is called as is but not like /bin/cat:
So we can create our own cat program and put its path at the beginning of the PATH variable:
Note the use of
-pin thebashcommand. This allows us to get thepidof the effective user (eistein) instead of the user running the program (user)
Now we can run the learn binary and get the flag:
