Lab 10.1: Linux Permission Vulnerabilities - squatchulator/Tech-Journal GitHub Wiki

Lab 10.1 - Linux Permission Vulnerabilities

Exploring File Permissions

  • Create a new file called effective_user.c under your working directory, and add the following:
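#include <stdlib.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Print the name of the user this process is effectively running as. */
int main(int argc, char *argv[])
{
  struct passwd *pw;
  uid_t uid;

  /* Effective UID: the identity the kernel uses for permission checks. */
  uid = geteuid ();
  /* Look up the passwd entry for that UID; NULL if none exists. */
  pw = getpwuid (uid);
  if (pw)
    {
      puts (pw->pw_name);
      exit (EXIT_SUCCESS);
    }
  else
    {
      puts ("Error");
      exit (EXIT_FAILURE);
    }
}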
  • To use this program, first run gcc effective_user.c -o effective_user.
    • This line uses the GNU Compiler Collection (gcc) to compile C source code.
  • Now, whenever you run the program with ./effective_user, it prints the name of the user the program is running as (its effective user).
  • To see the permissions of a file in numeric form, run stat effective_user and look at the Access line.
  • Now, change the group that owns the file. You can do this with sudo chgrp root effective_user. If you want to change the owner, use sudo chown root effective_user.
  • To search for SUID programs across your system, you can run find / -perm -4000 2>/dev/null
  • Now, ssh into Rocky (10.0.17.200) with your Champlain creds, and search for SUID programs on there.
    • The specific SUID program hidden in there can be found with find / -perm -4000 2>/dev/null | grep -P '/(?!.*/)b.*'
  • To find world-writable files, you can do something similar with a few modifications (-perm -2 matches files whose write bit for "others" is set): find / -perm -2 -type f -name 's*' 2>/dev/null | grep -v "proc"
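The following is an added example, not part of the original lab: it extends effective_user.c to print both the real and the effective user, and decodes the mode bits that the find commands above match for any paths given as arguments. The names risky_bits, euid_differs, user_name and the RISK_* flags are this example's own.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Flag names are this example's own, not from the lab. */
enum { RISK_SUID = 1, RISK_SGID = 2, RISK_WORLD_WRITABLE = 4 };

/* Decode the st_mode bits that the lab's find commands test for. */
int risky_bits(mode_t mode)
{
  int flags = 0;
  if (mode & S_ISUID) flags |= RISK_SUID;            /* find -perm -4000 */
  if (mode & S_ISGID) flags |= RISK_SGID;            /* find -perm -2000 */
  if (mode & S_IWOTH) flags |= RISK_WORLD_WRITABLE;  /* find -perm -2 */
  return flags;
}

/* Nonzero when real and effective UID differ, as under a SUID binary. */
int euid_differs(void)
{
  return getuid() != geteuid();
}

/* Name for a UID, or "?" when it has no passwd entry. */
static const char *user_name(uid_t uid)
{
  struct passwd *pw = getpwuid(uid);
  return pw ? pw->pw_name : "?";
}

int main(int argc, char *argv[])
{
  printf("real user:      %s\n", user_name(getuid()));
  printf("effective user: %s\n", user_name(geteuid()));
  printf("euid differs:   %s\n", euid_differs() ? "yes" : "no");
  /* Each argument is a path to inspect; stat() follows symlinks. */
  for (int i = 1; i < argc; i++) {
    struct stat st;
    if (stat(argv[i], &st) != 0) { perror(argv[i]); continue; }
    int f = risky_bits(st.st_mode);
    printf("%s: mode %04o owner %s%s%s%s\n", argv[i],
           (unsigned)(st.st_mode & 07777), user_name(st.st_uid),
           (f & RISK_SUID) ? " SUID" : "", (f & RISK_SGID) ? " SGID" : "",
           (f & RISK_WORLD_WRITABLE) ? " world-writable" : "");
  }
  return 0;
}
```

Compile it with gcc the same way as effective_user.c and pass it the paths reported by the find commands; the printed mode is the same octal value that stat shows on its Access line.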