πSpecial Permissions
π― Overview
SUID and SGID special permissions allow programs to execute with elevated privileges, providing potential privilege escalation vectors through vulnerable or misconfigured binaries.
π Permission Types
SUID (Set User ID)
Symbol:
sin user execute positionFunction: Execute program with owner's privileges
Risk: If owner is root, program runs as root
SGID (Set Group ID)
Symbol:
sin group execute positionFunction: Execute program with group's privileges
Risk: Inherit group permissions during execution
π Enumeration Commands
Find SUID Binaries
Find SGID Binaries
Common SUID/SGID Locations
π― GTFOBins Exploitation
High-Risk SUID Binaries
Quick GTFOBins Check
π Common Exploitation Examples
nano/vim SUID Exploitation
find SUID Exploitation
python SUID Exploitation
less/more SUID Exploitation
π§ Advanced Techniques
Custom SUID Binary Analysis
Shared Library Hijacking
π Enumeration Script
π Quick Exploitation Reference
Immediate Privilege Escalation
Emergency Escalation Commands
π‘οΈ Defensive Considerations
Dangerous SUID Configurations
Text editors (nano, vim) with SUID
Interpreters (python, perl) with SUID
File utilities (find, cp, mv) with SUID
Custom applications in user directories
Hardening Recommendations
Special permissions create powerful attack vectors - SUID and SGID bits can transform ordinary binaries into privilege escalation tools when combined with GTFOBins techniques.
Last updated