Published in


Series of CTF machines Walkthrough #7 Linux Privilege Escalation using SUID permissions.

Image from Google

Hello Hackers, In this blog we are going to learn how to escalate the privileges by exploiting the SUID bit permissions which are set to the files and programs, In the last blog we learnt about “SUDO exploitation”, so make sure to read the previous blog.

For this blog, I’m using the vulnerable machine from TryHackMe called “Linux Privilege Escalation”.

Let’s Start,

We already have the SSH credentials from TryHackMe, lets use those credentials and login to SSH via terminal.
(ssh karen@IPaddress)

Image from TryHackMe

What is SUID permissions?

SUID (Set-User Identification) is the special permission which is set to the files and programs, if the file or program has set a SUID permission it will run as the owner of the file.

To find the SUID permission files or programs in linux, you can use the “find / -type f -perm -4000 -ls 2>/dev/null” command.

You can see in the above image many files and programs set as a SUID permissions.

Now use the “gtfobins” to exploit for the miss-configured SUID set permissions and elevate privileges.

After researching “/base64” program is vulnerable to SUID bit permissions so open the “gtfobins” and paste the base64 and click on the suid and you can see the above commnads now paste the commands as shown below in the image.

As you can see in the above image, at first we are not able to see the content on the ‘flag3.txt” file after using the commands from the gtfobins we are able to see the content.

By using this method you can see the content from the “/etc/shadow” file and also you can bruteforce the hash using ‘JohntheRipper’.

That’s it for today’s blog, if any mistakes please let me know in the comment section, for further write-ups make sure to follow on“Linked-in & Twitter”.

The next write up will be on “Capabilities”.




Where Innovation is Composed

Recommended from Medium

Cross-site Scripting (XSS) simplified: What is it & how to prevent it?

Broken Access Control — OWASP Top 10

Multi Finance review

There’s Magic in the air! (3 of 3)

{UPDATE} Cool Date 3D Hack Free Resources Generator

Why hackers prevail during a crisis?

{UPDATE} Hidden Treasures of Time Hack Free Resources Generator

OFAC Checker: best sanction screening tool for Salesforce

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Cyber Security Researcher || Security Analyst || CTF Player || Webapp Pentester || Ethical Hacker

More from Medium

What is LXC & LXD | How to escalate privileges using LXD in linux systems

HackTheBox: Horizontall Writeup

Cybersecurity — an Introduction

Sense | HackTheBox writeup