0

I am trying to get a shell but it either doesn't open one or it throws an error and gets stuck saying

^[[B^[[B^[[B^[[B^[[B^[[B^[[B^[[B^[[B
sh: 1: : not found

Below is the .c code

#include<stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <grp.h>
    
int main(void)
{
    setgid(0);
    setuid(0);
    execl("/bin/sh", "sh", 0);
}

Please help me out with this as I'm new to it.

Gerhardh
  • 11,688
  • 4
  • 17
  • 39
RRHS
  • 99
  • 1
  • 2
  • 1
    The final argument of the call to `execl` should be `(char *)NULL` (or `(char *)0`). – Ian Abbott Mar 04 '22 at 17:02
  • 1
    Do note that the `setuid(0)` call appears to be pointless: it will fail (which you do not check) if the program is not already running with root privilege, and have no net effect if the program is running with root privilege. Similarly for the `setgid(0)`, except that that might produce a desired effect if the process is running as UID 0 but GID non-zero. – John Bollinger Mar 04 '22 at 17:15
  • I am trying this to understand more of privilege escalation. So, I am running this so that I can have a bash shell with root privileges. Hence, I have given those 2 lines of code. The same code worked for others, hence Im wondering what could have gone wrong here – RRHS Mar 04 '22 at 17:31
  • `1: not found` looks like the shell is running and finding a badly formatted input. Read up on the startup sequence for `sh` and check your dotfiles. – William Pursell Mar 04 '22 at 17:40

0 Answers0