search

privilege escalation [Got-Find]

While searching for SUID. I found that find command has SUID bit set.

postgres@nibbles:/tmp$ find / -perm -u=s -type f 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
/usr/lib/eject/dmcrypt-get-device
/usr/lib/openssh/ssh-keysign
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/bin/chfn
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/chsh
/usr/bin/fusermount
/usr/bin/newgrp
/usr/bin/su
/usr/bin/mount
/usr/bin/find
/usr/bin/sudo
/usr/bin/umount

hashtag
Exploiting find command:

Logofind | GTFOBinsgtfobins.github.iochevron-right

Got the elevated privilege.

circle-info

Note that the id command shows data for Postgres but is the root user.

Previouslooking for public exploit. [Initial access]Nextlocal.txt & proof.txt

Last updated

Was this helpful?