Class Activity 10.1 - Linux - Permission Vulnerabilities

To find files with a SUID bit I used find / -perm -4000 2>/dev/null

To find a suid program that starts with b I used find / -perm -4000 -name 'b*' 2>/dev/null

To find a word writeable file under /etc/ I used find /etc -type f -perm -o+w 2>/dev/null

To find a word writeable file that starts with s while filtering out /proc/ and /sys/ I used find / -type f -perm -o+w -name 's*' -not -path "/sys/*" -not -path "/proc/*" 2>/dev/null

Lab 10.2 - Exploiting Nancurinir

I was able to get through most of the lab without too much trouble, but I had a bit of difficulty after uploading the backdoor. The backdoor was not interactive so I couldn't cat the user flags. I spent a good amount of time trying to get my python script that connected back to a listener to work. However, I was eventually able to get it to work.