Posted on

Linux Privilege Escalation : Exploiting SetUID Bit

Hello, aspiring Ethical Hackers. In this article, you will learn how to perform linux privilege escalation by exploiting SetUID. In our previous article, we have exploited cron jobs to change SetUID bit of an executable. What exactly is a SetUID bit?

SETUID stands for Set User ID on execution. This allows a user with low privileges to run a command with higher privileges. The difference between SUDO and SETUID is that in SUDO you can execute a command only if the root user can do it.

With the concept of SETUID understood, let’s see how binaries with SETUID bit set can be found. One way to find them is by using find command as shown below.

Here are some examples of gaining root privileges by exploiting programs with SETUID bit set.

1. bash

2. csh

3. env

4. nice

5. node

6. setarch

7. stdbuf

8. strace

9. taskset

10. tclsh

11. time

12. timeout

13. unshared

14. xargs

15. php

16. expect

17. find

18. python

19. flock

20. gdb

21. ionice

22. logsave

23. make

These are some examples of linux privilege escalation by exploiting SETUID bit.