Secondary Categories: 02-Privilege Escalation

The SetUID is a unix flag that allows an executable to be run with the permissions of the file owner. The SetGID is the same concept, but with the permissions of the group.

-rwsr-sr-x 1 root root 122 May 14 22:25 thefile

Setting Permissions

#Change the setUID bit:
chmod u+s thefile
 
#Change the setGID bit:
chmod g+s thefile
 
#Change both the setUID and setGID bit:
chmod +s thefile

Searching for SetUID and SetGID Binaries

# Locate suid and sgid-enabled files for the current user
find / -perm -u=s -type f 2>/dev/null

Leveraging Unix Privileges

Once on a target system and you have identified binaries with setUID and setGID permissions we can potentially escalate our privileges by referencing GTFObins


Resources:

Also Check Out:

  • PLACEHOLDER