Share
## https://sploitus.com/exploit?id=D8F0F842-ECD7-538C-9DC7-C07CFA0AEC4B
# Software Security: Privilege Escalation Attacks

SEED Labs project demonstrating three privilege escalation techniques on a 32-bit Ubuntu 16.04 VM.

## Labs

### Lab 1 โ€” Environment Variables and Set-UID
Exploits a root Set-UID program that calls system("ls") with a relative path.
Attack: create a malicious ls binary and prepend its directory to PATH.

Run: cd Environment-Variables && ./exploit_path.sh

### Lab 2 โ€” Buffer Overflow
Exploits an unbounded strcpy() call to inject shellcode onto the stack and overwrite EIP.
BUF_SIZE: 24 | EBP: 0xbfffeab8 | Offset: 36

Run: cd Buffer-Overflow && python3 exploit.py && ./stack

### Lab 3 โ€” Return-to-Libc (Primary Task)
Bypasses Non-Executable Stack (NX) by redirecting execution to existing libc functions.
system(): 0xb7e42da0 | exit(): 0xb7e369d0 | /bin/sh: 0xb7f6382b | Offset: 24

Run: cd Return-To-Libc && gcc exploit.c -o exploit && ./exploit && ./retlib

## Environment Setup
sudo sysctl -w kernel.randomize_va_space=0
sudo ln -sf /bin/zsh /bin/sh

## Lab Environment
OS: Ubuntu 16.04 32-bit, SEED Labs VM
Course: Computer Security, Politehnica University of Timisoara
Based on SEED Labs by Prof. Wenliang Du, Syracuse University