SUID Binaries
Last updated
Was this helpful?
Last updated
Was this helpful?
SUID/Setuid stands for "set user ID upon execution", it is enabled by default in every Linux distributions. If a file with this bit is run, the uid will be changed by the owner one. If the file owner is root
, the uid will be changed to root
even if it was executed from user bob
. SUID bit is represented by an s
.
We can use this command to find all SUID binaries
If a suid binary executes another command without specifying the path. We can abuse it and get a privilege escalation.
You may use strings
to spot other binaries calls, or do some reverse engineering on the suid binary.
If the suid binary executes another command specifying the full path, then, we can try to export a function named as the command that the suid file is calling.
You may use strings
to spot others binary/command calls, or do some reverse engineering on the suid binary.
If you find some binary with SUID permissions, you could check if all the .so files are loaded correctly
You also could check if the SUID binary is loading a library from a folder where we can write:
Alternatively, you could use the strings
command to find used shared library