There is no code to exploit in this challenge but we have to exploit a cron job which runs after each couple of minutes. There is a crontab in writable.d and a script writable.sh in the /home/flag03
We have to make a C/C++ program which will SUID enabled.
I used the code from the level02
uid = geteuid();
setresgid(gid, gid, gid);
I tried to save it in /home/flag03, but i didn’t had enough permission
But i have the permission to make a file inside writable.d..Then i copied the output file of the above program into writable.d/ and waited for few minutes. But that didn’t also work
Finally i succeeded in this step. I made an executable shell script inside writable.sh which will compile the above given code and put the output file in /home/flag03 which is suid bit set.
$ vim writable.d/job1
I waited for few minutes and after that an executable file named shell with suid set file appeared in /home/flag03/
I didn’t waste much time. I executed the shell file and got flag03 shell \m/