Secondary Categories: 02-Privilege Escalation
The SetUID is a unix flag that allows an executable to be run with the permissions of the file owner. The SetGID is the same concept, but with the permissions of the group.
-rwsr-sr-x 1 root root 122 May 14 22:25 thefile
Setting Permissions
#Change the setUID bit:
chmod u+s thefile
#Change the setGID bit:
chmod g+s thefile
#Change both the setUID and setGID bit:
chmod +s thefile
Searching for SetUID and SetGID Binaries
# Locate suid and sgid-enabled files for the current user
find / -perm -u=s -type f 2>/dev/null
Leveraging Unix Privileges
Once on a target system and you have identified binaries with setUID and setGID permissions we can potentially escalate our privileges by referencing GTFObins
Resources:
Also Check Out:
- PLACEHOLDER