In theory if the suid bit is enable on anything, i should be able to use it as root for privesc right?
I have this…
-rwsr-xr-x 1 root root 59680 May 17 2017 /usr/bin/passwd
but on some boxes it doesnt allow me to do
sudo /usr/bin/passwd .
Why does this happen?
First of all, SUID bit has nothing to do with sudo command.
You should learn both of them separately.
Now for /usr/bin/passwd, it is SUID by default.
You can always check on your kali box to see whatever are SUID by default using command: find / -perm -4000 -type f 2>/dev/null
If you are ever in doubt, you may also check out gtfobins.github.io site.
I have another question for you sir/madam. Will it be possible for you to mentor me for may be about a month? I wish to reach elite hacker level like you in the next 30 days. Currently i am preparing for my oscp exam. Failed 3 times. Also i wont be needing you to be there 24/7, just assist me every now and then to get to elite hacker level. I will be happy to pay you to answer some of my queries and help me ocassionally. Can paypal you. Ill just calculate how much i can pay per month and get back to you in a few hours may be.
Respects to you Sir/Madam,
Just for your info, passwd is suid because it needs to alter files that are owned by root and are not group/other writeable… Of course if you found a flaw in passwd binary that could lead to root :bleep_bloop:
I am actually in pwk lab as well right now. Started it this month