> For the complete documentation index, see [llms.txt](https://hexisanoob.gitbook.io/hexisanoob/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://hexisanoob.gitbook.io/hexisanoob/ctf-challenge-learnings/c-code-using-getenv.md).

# C code using getenv()

In "blog" CTF on TryHackMe, I encountered a chellenge where a C binary had SUID set. The binary's strings and ltrace output looked like this:

<figure><img src="/files/N05fSC3Usc08l71ltNjn" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/26XLXV4OZSm2k7w0Y8Uj" alt=""><figcaption></figcaption></figure>

We see the binary is checking if environment variable "admin" is set.

And in strings output, we see "system" call being made. According to me pseudocode goes something like:

```clike
#include<whatever>
int main(){
    if(getenv("admin"))
    {
        system("/bin/bash");
    }
}
```

So, I set "admin" environment variable and ran the binary called "checker" and got root!

<figure><img src="/files/etb8bvHgaDpoqmzDsnnL" alt=""><figcaption></figcaption></figure>
