# C code using getenv()

In the "blog" CTF on TryHackMe, I encountered a challenge where a C binary had the SUID bit set. The binary's strings and ltrace output looked like this:

<figure><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2FsC80jQz95aCrBJlW8x5L%2Fimage.png?alt=media&#x26;token=62114b57-8797-4d54-9235-4c744873ee37" alt=""><figcaption></figcaption></figure>

<figure><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2Fibpji8BnQkr1Z1QszKGL%2Fimage.png?alt=media&#x26;token=95bb1bb8-fc97-48e7-abce-6cd125213344" alt=""><figcaption></figcaption></figure>

We see that the binary checks whether the environment variable "admin" is set.

In the strings output, we also see a "system" call being made. My guess is that the pseudocode goes something like this:

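```clike
#include <stdlib.h>   /* getenv(), system() */

int main(void)
{
    /* Passes whenever "admin" exists in the caller's environment, whatever its value. */
    if (getenv("admin"))
    {
        /* Launch a shell as a child of this process. */
        system("/bin/bash");
    }
    return 0;
}
```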

So, I set the "admin" environment variable, ran the binary called "checker", and got root!

<figure><img src="https://62284611-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MSvRnuhl_P5WCd1fZEn%2Fuploads%2F2qNY4cZAO0VDciqQED5L%2Fimage.png?alt=media&#x26;token=c57b44a5-09a7-4a52-93e1-6e42b2329fb6" alt=""><figcaption></figcaption></figure>
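
The environment check from the pseudocode next to one based on credentials the caller cannot set, as an added example that is not part of the original write-up or the CTF binary. `ADMIN_GID` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed value: gid of a hypothetical "checker-admins" group. */
#define ADMIN_GID 1500

/* The check from the pseudocode above: any caller-supplied value passes. */
static bool weak_is_admin(const char *env_admin)
{
    return env_admin != NULL;
}

/* Decide from credentials the kernel maintains; the environment is ignored. */
static bool in_admin_group(uid_t ruid, gid_t rgid, const gid_t *groups, size_t n)
{
    if (ruid == 0 || rgid == ADMIN_GID)
        return true;
    for (size_t i = 0; i < n; i++)
        if (groups[i] == ADMIN_GID)
            return true;
    return false;
}

/* Collect the caller's real uid, real gid and supplementary groups. */
static bool hardened_is_admin(void)
{
    gid_t groups[256];
    int n = getgroups(256, groups);
    if (n < 0)
        return false; /* fail closed if the group list cannot be read */
    return in_admin_group(getuid(), getgid(), groups, (size_t)n);
}

int main(void)
{
    printf("weak check:     %s\n",
           weak_is_admin(getenv("admin")) ? "admin" : "denied");
    printf("hardened check: %s\n",
           hardened_is_admin() ? "admin" : "denied");
    return 0;
}
```

The real uid, real gid and supplementary groups are inherited from the invoking user and are not changed by the SUID bit, which is why they can carry an authorization decision while an environment variable cannot.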
