OK.. I've been reading about a few exploits and I decided to create a simple bin that could be open to an IFS exploit. Could someone tell me what I'm doing wrong?? No matter what I set IFS to it will always run /bin/date correctly. What I'm shooting for is bin: command not found. Then I'll make a bin script to say hello or something like that.
Here is my exploitable program.
Code:
#include <stdio.h> // habit
void main()
{
execl("/bin/date", "date", "+%D", NULL);
}
Here is my shell script to set PATH, IFS, and execute the program
Code:
#!/bin/sh
export IFS=/
export PATH=.:$PATH
/home/rmartine/bad_proggie
Any help here would be great. Thanks.