Hello, aspiring Ethical Hackers. In this article, you will learn how to perform linux privilege escalation by exploiting SetUID. In our previous article, we have exploited cron jobs to change SetUID bit of an executable. What exactly is a SetUID bit?
SETUID stands for Set User ID on execution. This allows a user with low privileges to run a command with higher privileges. The difference between SUDO and SETUID is that in SUDO you can execute a command only if the root user can do it.
With the concept of SETUID understood, let’s see how binaries with SETUID bit set can be found. One way to find them is by using find command as shown below.
Here are some examples of gaining root privileges by exploiting programs with SETUID bit set.
These are some examples of linux privilege escalation by exploiting SETUID bit.