Back to privilege-escalation~6d04fe7a

SUID

privilege-escalation~6d04fe7a

0/193 challenges completed

If the binary has the SUID bit set, it does not drop the elevated privileges and may be abused to access the file system, escalate or maintain privileged access as a SUID backdoor. If it is used to run sh -p, omit the -p argument on systems like Debian (<= Stretch) that allow the default sh shell to run with SUID privileges. This example creates a local SUID copy of the binary and runs it to maintain elevated privileges. To interact with an existing SUID binary skip the first command and run the program using its original path.

Challenges

1

aa-exec

2

ab

3

agetty

4

alpine

5

ar

6

arj

7

arp

8

as

9

ascii-xfr

10

ash

11

aspell

12

atobm

13

awk

14

base32

15

base64

16

basenc

17

basez

18

bash

19

batcat

20

bridge

21

busctl

22

busybox

23

bzip2

24

cabal

25

capsh

26

cat

27

chgrp

28

chmod

29

choom

30

chown

31

chroot

32

clamscan

33

cmp

34

column

35

comm

36

cp

37

cpio

38

cpulimit

39

csh

40

csplit

41

csvtool

42

cupsfilter

43

curl

44

cut

45

dash

46

date

47

dd

48

debugfs

49

dialog

50

diff

51

dig

52

distcc

53

dosbox

54

ed

55

efax

56

elvish

57

emacs

58

env

59

eqn

60

espeak

61

expand

62

expect

63

file

64

find

65

fish

66

flock

67

fmt

68

fold

69

gawk

70

gcore

71

gdb

72

genisoimage

73

gimp

74

grep

75

gtester

76

gzip

77

head

78

hexdump

79

highlight

80

hping3

81

iconv

82

install

83

ionice

84

ip

85

ispell

86

jjs

87

join

88

jq

89

jrunscript

90

ksh

91

ksshell

92

ld.so

93

less

94

links

95

logsave

96

look

97

lua

98

make

99

mawk

100

minicom

101

more

102

mosquitto

103

msgfilter

104

msgmerge

105

msguniq

106

multitime

107

mv

108

nasm

109

ncftp

110

nice

111

nl

112

nm

113

nmap

114

node

115

nohup

116

od

117

openssl

118

openvpn

119

pandoc

120

paste

121

perl

122

pexec

123

php

124

pidstat

125

pr

126

ptx

127

python

128

rc

129

readelf

130

restic

131

rev

132

rlwrap

133

rsync

134

rtorrent

135

run-parts

136

sash

137

scanmem

138

sed

139

setarch

140

setfacl

141

setlock

142

shuf

143

soelim

144

softlimit

145

sort

146

sqlite3

147

ss

148

ssh-agent

149

ssh-keygen

150

ssh-keyscan

151

sshpass

152

start-stop-daemon

153

stdbuf

154

strace

155

strings

156

su

157

sysctl

158

tac

159

tail

160

taskset

161

tbl

162

tclsh

163

tee

164

tftp

165

tic

166

time

167

timeout

168

troff

169

ul

170

unexpand

171

uniq

172

unsquashfs

173

unzip

174

update-alternatives

175

uudecode

176

uuencode

177

varnishncsa

178

view

179

vim

180

w3m

181

watch

182

wc

183

wget

184

whiptail

185

xargs

186

xdotool

187

xmodmap

188

xmore

189

xxd

190

xz

191

yash

192

zsh

193

zsoelim