Exploiting SUID Binaries

Linux has three main file permissions: read, write, and execute. But there are also special permissions for certain situations. One of these is SUID (Set Owner User ID).

What does SUID do? If a file has SUID set, when a user runs it, the file will execute with the permissions of the file owner instead of the user running it.

Why is SUID used? It allows normal users to run specific programs with higher privileges, often with root permissions.

Security Concern: SUID only applies while running the file—it doesn’t permanently give higher privileges. However, if misconfigured, attackers can exploit vulnerabilities in these files to gain full system control.

Exploitation

We will try to exploit this functionality to gain higher privileges. However, our success will depend on a few key factors:

Owner of the SUID Binary – Since we want to elevate our privileges, we will only target SUID binaries owned by the root user or other privileged users.
Access Permissions – We must have execute permissions to run the SUID binary.

ls -al # the permission having 's' is the SUID permission
file [FILE]
strings [FILE]
 - check binary names, 'setuid'
 - remove the binary

cp /bin/bash [REMOVED BINARY NAME]

PreviousMisconfigured Cron Jobs Nextshells

Last updated 4 months ago