SUIDs

In Linux when an executable is run, it takes the permissions of the user that runs it. But if an executable has SUID bit set, then the executable runs with the permissions of the owner of the exe.

The list of executables with permission set and accessible by the current user can be found using the following command,

find / -perm -u=s -type f 2>/dev/null

Then once you have the list, you can access the following website to get the commands that can be executed to achieve privilege escalation,

https://gtfobins.github.io

Last updated