Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machines?

After gaining initial low-privilege access to a Linux system, a penetration tester identifies an interesting binary in a user’s folder titled “changepass”

-sr Cxr -x 1 root root 6443 Oct 18 2017 /home/user/changepass

Using “strings” to print ASCII printable characters from changepass, the tester notes the following:

$ strings changepass

Exit

setuid

strmp

GLINC _2.0

ENV_PATH

%s/changepw

malloc

strlen

Given this information, which of the following is the MOST likely path of exploitation to achieve root privileges on the machines?
A . Copy changepass to a writable directory and export the ENV_PATH environmental variable to the path of a token-stealing binary titled changepw. Then run changepass
B . Create a copy of changepass in the same directory, naming it changpw. Export the ENV_PATH environmental variable to the path “/home/user’. Then run changepass
C . Export the ENV_PATH environmental variable to the path of a writable directory that contains a token-stealing binary title changepw
D . Run changepass within the current directory with sudo after exporting the ENV_PATH environmental variable to the path of ‘/usr/local/bin’

View Answer

Answer: D