Lab 10.1: Linux Permission Vulnerabilities - morgan-hanrahan/Tech-Journal GitHub Wiki

Changing ownership of the c program executable so that the file is owned by the user 'root' and group 'root':

sudo chown root effective_user
sudo chgrp root effective_user 

Finding all suid programs accross kali

find / -perm -u=s -type f 2>/dev/null

• -perm -u=s permissions on files are user SUID
• -type f 2>/dev/null puts errors into /dev/null

Finding hidden suid program on rocky

find / -user root -perm -4000 -print 2>/dev/null

• -user specifies the owner of the file
• -perm -4000 SUID
• -print 2>/dev/null Puts errors into /dev/null

Creating a file named test.txt in /etc/ that is world writable and finding it

sudo vi /etc/test.txt 
# Put anything you want into this file 
sudo chmod o+w /etc/test.txt 
find /etc/ -perm -0002 -print 2>/dev/null | grep 'test.txt' 
# Grep isn't necessary, only used because we knew the name of the file and to reduce output 

• -perm -0002 permissions are others writeable
• -print 2>/dev/null Puts errors into /dev/null

Finding world writable hidden file on rocky

find / -type f -writable ! -path '/sys/*' 2>/dev/null | grep -v /proc

• -type f -writable files that are writable
• -path '/sys/*' doesn't include anything with path /sys/
• 2>/dev/null puts errors in /dev/null
• grep -v /proc doesn't show search results containing /proc

This command will also get rid of false positives from /sys and /proc.