ellingson write-up by epi

HTB{ ellingson }

My write-up of ellingson: a nostalgic (and awesome) box from Ic3M4n, aka @BenGrewell, where we exploit a misconfigured Flask site, find some creds lying around, and then perform a Ret2libc attack on a SUID bit binary to get root.

Feel free to hit me up with any questions/comments. Thanks!

I don’t understand why we are giving the setuid(0).
I knew that ‘0’ represents the root user.
But why are we giving setuid() for this binary? Please answer me, dude.
I don’t understand.