This part is about playing with the SUID and SGID bits, which show up in the 'l' (long listing) details for files.
https://www.thegeekdiary.com/what-is-suid-sgid-and-sticky-bit/ says: "When a command or script with SUID bit set is run, its effective UID becomes that of the owner of the file, rather than of the user who is running it."
SUID Bit: the user executes the file with the permissions of the file owner
SGID Bit: the user executes the file with the permissions of the group owner
To search a system for these types of files, run the following:
find / -perm -u=s -type f 2>/dev/null
In short:
*create a file named curl in /tmp that calls a shell
*this works because /usr/bin/menu is run as root
*and curl is found in the menu file
*write the /tmp path into PATH
*execute the menu file
*pick option 1, which runs the modified curl, aka /bin/sh
*check that id reports root
*access the flags
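
An added audit example, not part of the original walkthrough or the TryHackMe room: the steps above only work when a SUID program starts another program by bare name, so that PATH decides which file runs. This Python check lists SUID and SGID files (the find command above selects SUID only) and flags embedded command lines of that kind; the trusted directory list, the two-word heuristic and the sample bytes are assumptions constructed here.

```python
import os
import re
import stat

# Assumed list of directories that hold the system's legitimate commands.
SYSTEM_DIRS = ("/usr/local/bin", "/usr/bin", "/bin", "/usr/sbin", "/sbin")
# Printable ASCII runs of 4+ bytes, similar to what the `strings` tool extracts.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")

def known_commands(dirs=SYSTEM_DIRS):
    """Names of the programs installed in the trusted directories."""
    names = set()
    for d in dirs:
        if os.path.isdir(d):
            names.update(os.listdir(d))
    return names

def bare_commands(blob, known):
    """Embedded command lines whose first word is a known program named without a path."""
    hits = []
    for run in PRINTABLE.findall(blob):
        words = run.decode("ascii").split()
        # Heuristic: require arguments, so plain symbol names are not reported.
        if len(words) >= 2 and "/" not in words[0] and words[0] in known:
            hits.append(" ".join(words))
    return hits

def suid_sgid_files(root):
    """Regular files under root with the SUID or SGID bit set (symlinks not followed)."""
    for base, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(base, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                yield path

def audit(root, dirs=SYSTEM_DIRS):
    """Map each SUID/SGID file under root to the PATH-dependent command lines it embeds."""
    known, report = known_commands(dirs), {}
    for path in suid_sgid_files(root):
        try:
            with open(path, "rb") as fh:
                hits = bare_commands(fh.read(), known)
        except OSError:
            continue
        if hits:
            report[path] = hits
    return report

# Constructed sample: bytes resembling the string constants of a SUID menu program.
SAMPLE = b"\x00\x01curl -I localhost\x00/usr/bin/uname -r\x00\x7fELF"
```

Every path that `audit("/")` reports is a privileged program that trusts the caller's PATH. The fix is to call the helper by absolute path in that program's source, or to remove the SUID/SGID bit if it is not needed.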
MISC
writing shell scripts:
https://linuxcommand.org/lc3_wss0010.php
additional credits
https://clarencesubia.medium.com/tryhackme-kenobi-walkthrough-6cd316fd9c3c
*This is a part of tryhackme.com, so the introduction and manual are their content. Execution and guide-through are mine.