HTBGitHubLinkedInNotion (Writeups)

Exploiting Setuid Programs

Lab Environment

In this lab environment, you will be provided with GUI access to a Kali machine. A terminal access to the target machine is provided at target.ine.local:8000, which you can access over the browser in Kali.

On the target machine, you are provided a regular user account and need to escalate your privileges to become root. There are 2 programs in the home directory welcome and greetings which might be vulnerable.

Objective: Your task is to -

  1. Get a root shell on the system

  2. View /etc/shadow

  3. Retrieve the flag.

Tools

The best tools for this lab are:

  • Firefox

Writeup

find / -perm -4000 2>/dev/null
strings /home/studen/welcome
rm greetings
cp /bin/bash greetings
./welcome
PreviousCron Jobs Gone Wild IINextPassword Cracker: Linux

Last updated