Exploiting SUID and SGID binaries with Bash
SUID and SGID are special permissions in Unix-like systems that allow users to execute files with the permission of the file owner or group. When misused, these permissions can lead to privilege escalation. This section focuses on identifying and exploiting SUID/SGID binaries using Bash commands and scripts.
In a previous chapter, you learned about Linux file permissions. Let’s have a quick recap and then build on that concept to understand SUID and SGID.
If we enter the ls -l command and view the output for the shell.php file, we find the following:
-rw-r--r-- 1 root root 68 Jun 4 2019 shell.php
Let’s break that down. The first character is always either - for a file or d for a directory. In the following figure, I have highlighted the file type. Since the file type in this figure is a dash (-), we know this is a file:
Figure 11.24 – The...
