Shared Object Hijacking
Overview
Shared object hijacking exploits custom library dependencies in SUID binaries through writable RUNPATH directories, allowing malicious library injection for privilege escalation.
Prerequisites & Detection
Find SUID Binaries with Custom Libraries
# Find SUID binaries
find / -type f -perm -4000 2>/dev/null
# Check library dependencies
ldd binary_name
# Look for non-standard libraries
# Example: libshared.so => /development/libshared.so
Check RUNPATH Configuration
# Check RUNPATH/RPATH settings
readelf -d binary_name | grep PATH
# Example output:
# 0x000000000000001d (RUNPATH) Library runpath: [/development]
Verify Directory Permissions
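As an added example (not part of the original page), the check below reads `readelf -d` output, splits the RPATH/RUNPATH entries and reports which directories are group- or world-writable or missing, so they can be locked down before a SUID binary loads from them. The function names and status labels are this example's own; it assumes `readelf`, `sed`, `tr` and `find` are installed.

```shell
#!/bin/sh
# Added example, not from the original page: report RPATH/RUNPATH entries
# of a binary that point at directories non-root users could write to.

# Read `readelf -d` output on stdin; print one RPATH/RUNPATH entry per line.
# R[UN]*PATH matches both tag names; entries inside [...] are colon-separated.
runpath_dirs() {
    sed -n 's/.*(R[UN]*PATH).*\[\(.*\)].*/\1/p' | tr ':' '\n'
}

# Classify one entry and print "<STATUS> <entry>".
classify_dir() {
    case "$1" in
        /*) ;;                                        # absolute path, checked below
        *)  printf 'REVIEW %s\n' "$1"; return ;;      # empty, relative or $ORIGIN entry
    esac
    if [ ! -d "$1" ]; then
        printf 'MISSING %s\n' "$1"                    # see who could create it
    elif [ -n "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        printf 'WRITABLE %s\n' "$1"                   # group- or world-writable
    else
        printf 'OK %s\n' "$1"
    fi
}

# Audit one binary (requires readelf from binutils).
audit_binary() {
    readelf -d "$1" 2>/dev/null | runpath_dirs | while IFS= read -r dir; do
        printf '%s: ' "$1"
        classify_dir "$dir"
    done
}

# Usage: sh runpath_audit.sh /path/to/suid_binary ...
# With no arguments only the functions are defined.
for bin in "$@"; do
    audit_binary "$bin"
done
```

A directory owned by a non-root account is also writable by that account; this example checks mode bits only.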
Exploitation Process
Step 1: Identify Missing Function
Step 2: Create Malicious Library
Step 3: Compile and Deploy
Step 4: Execute and Escalate
Advanced Techniques
Function Discovery Methods
Multiple Function Implementation
Detection & Enumeration
Shared Object Hijacking Check
Quick Analysis Commands
Quick Reference
Immediate Checks
Emergency Exploitation
HTB Academy Workflow
Shared object hijacking exploits custom library loading mechanisms: a writable RUNPATH directory combined with a SUID binary creates a privilege escalation opportunity through malicious library injection.