Getting in is not enough. You have to rise. You have to take control.
Accessing a system doesn't mean you've won. You're inside, yes, but chained. The real game begins when you need more. More permissions. More control. More power.
That's privilege escalation. And this lesson is a map to find the cracks in a structure built by hands that make mistakes.
Privilege escalation happens when a user with limited access manages to perform actions reserved for higher authority accounts, like `root`.
`root`).
Because systems are configured by humans.
And humans make mistakes.
Common mistakes that allow escalation:
`sudo` without restrictions or without a password.
The SUID (Set User ID) bit, when set on an executable file, allows any user to run the file with the owner's permissions.
For example:
```
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 54256 Jan 1 00:00 /usr/bin/passwd
```
That `s` instead of the `x` indicates it has SUID.
The `passwd` binary needs to modify `/etc/shadow`, but normal users don't have that permission. SUID allows this action in a controlled way.
But when custom or insecure binaries have this bit... unexpected paths open up.
```
find / -perm -4000 -type f 2>/dev/null
```
If you find a binary that is owned by `root`, has SUID set, and that you can execute… you know what to do.
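
The same `find` test can be turned around for defence: the sketch below is an added example, not part of the original lesson, that compares the SUID files under a directory with a reviewed baseline and also flags SUID files that group or others can modify. The function name `audit_suid`, the `UNEXPECTED`/`WRITABLE` labels and the baseline file path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lesson): audit SUID files against a baseline.
# audit_suid, the UNEXPECTED/WRITABLE labels and the baseline file are
# assumptions made for this sketch.
#
# Usage: audit_suid ROOT BASELINE_FILE
#   BASELINE_FILE lists one reviewed SUID path per line.
# Limitation: paths containing newlines are not handled.
audit_suid() (
    root=$1
    baseline=$2

    # Pass 1: SUID files that nobody has reviewed (absent from the baseline).
    find "$root" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r path; do
        grep -Fxq -- "$path" "$baseline" || printf 'UNEXPECTED %s\n' "$path"
    done

    # Pass 2: SUID files that group or others can modify, baseline or not.
    find "$root" -xdev -type f -perm -4000 \
        \( -perm -0020 -o -perm -0002 \) 2>/dev/null | sort |
    sed 's/^/WRITABLE /'
)

# Run directly as: sh audit_suid.sh / /etc/suid-baseline.txt
# (both file names are hypothetical placeholders)
if [ "$#" -eq 2 ]; then
    audit_suid "$1" "$2"
fi
```

Any `UNEXPECTED` line is a SUID file to review and either add to the baseline or strip with `chmod u-s`; a `WRITABLE` line means the file's contents can be replaced by someone other than its owner.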
sudo
?`sudo