An all-in-one tool to edit a leaked file descriptor in SetUID binaries.
Blog: TBD
This repo is used to provides C code to help exploit a leaked or inherited file handle in a SetUID drop-privileges process or child process. This tool will
- Enumerate the /proc/self/fd folder for interesting fds that are open
- List them in a menu to select the target easily
- use lseek() and read() to copy the file contents to
/tmp/si_fd_edit - Open the
/tmp/si_fd_editin nano for editing - Upon exiting the editor, it will ask if you want to overwrite the original file with the edits
- If you select yes, it will lseek() to the beginning and write your modified file to the original
This tool can be built by simply running the make make command.
- If the edit results in the edited file being smaller that the original, there will be trailing garbage from the original file left over.