Special Permissions Linux

I’ve been working on a Linux privilege escalation problem that involves special permissions, specifically the setuid bit. The question I’m trying to answer is “Find a file with the setuid bit set that was not shown in the section command output (full path to the binary).”

I ran the suggested command find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null and found a file that wasn’t shown in the command output, which is /usr/bin/facter. I’m unsure if the answer is supposed to include the full path with the root directory, or if /usr/bin/facter is sufficient.

I’ve been working on this for 8 hours and I’m feeling exhausted. If anyone can provide any guidance or clarification, I would greatly appreciate it.

Edit: I’ve solved it. You just need to look carefully at the outputs.

Thank you.
I’m tired. I did not see it for a long time.

Thanks a lot for B.
If you really can’t find a clue, you can try to enumerate the output of find

Can you tell me more about how? I already tried ‘/usr/lib/snapd/snap-confine’ but it doesn’t work, and ‘/usr/bin/facter’ does not work either, but it instead works for the other question, so how am I supposed to solve this?

Guess you’re asking the “find setuid” question.
Once logged in to ssh, run the cheat sheet “Find binaries with the SUID bit set” directly.

Will get a list of about 30 “-rwsr-xr-x 1 root root” files /forgotten/ :expressionless:
Commit these directories in order. The correct answer can be obtained with less than the tenth one in my impression.

Compare the output of the example with the list of your command. :slight_smile: Facter is in the example, I wasted my time with that. Look carefully

Hello,

I am stuck at the same. I resolved the second question, where I was able to sort out between 2 files, but on the first one, I am looking and looking, and in the end I tried almost every path but without success. Any clue on this question?

Try /bin/sed

find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null
When you start this command, you need to enter every path one by one until you find a file that does not appear on the path.
In my example /bin/sed is one of them.

Thanks. I thought that there must be something with the “s” but apparently no.

Can you please give me a clue for the first question?
I’ve been here almost 3 hours.

I just wonder how such a question will test your understanding of the topic. Comparing the output of the same command on two different systems (supposedly)?! This question does not make sense to me to gauge your understanding of the material!!

Indeed, enumerating answers is somewhat equivalent to giving up on understanding the subject, especially in areas where deeper exploration is possible. I just want to express to those who have been stuck for hours that they can temporarily bypass the difficult point by enumerating, without losing their enthusiasm, and then revisit it with a clearer mind to enhance their understanding.

Additionally, can you elaborate on how to better understand this part?

This program is not in the main output either, but it’s not accepted as an answer. /usr/bin/traceroute6.iputils

annoying.

you can use one of the given commands and then compare the output and write the full path

run this to generate find / -perm -4000 -type f -exec ls -l {} \; 2>/dev/null
and then use this to automate the comparison of old.txt and new.txt

def get_unique_lines(file1, file2):
    # Strip each line and skip blanks, so a missing trailing newline or
    # stray whitespace does not make identical lines look different.
    with open(file1, 'r') as f1, open(file2, 'r') as f2:
        lines1 = {line.strip() for line in f1 if line.strip()}
        lines2 = {line.strip() for line in f2 if line.strip()}

    # Set difference in both directions
    unique_to_file1 = lines1 - lines2
    unique_to_file2 = lines2 - lines1

    return unique_to_file1, unique_to_file2

def display_unique_lines(file1, file2):
    unique_to_file1, unique_to_file2 = get_unique_lines(file1, file2)

    # Sort so the report is stable between runs
    print(f"Unique lines in {file1}:")
    for line in sorted(unique_to_file1):
        print(line)

    print(f"\nUnique lines in {file2}:")
    for line in sorted(unique_to_file2):
        print(line)

if __name__ == "__main__":
    old_file = 'old.txt'
    new_file = 'new.txt'
    display_unique_lines(old_file, new_file)
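
Added example, not part of the thread: a comparison of two `ls -l` style listings by path rather than by whole line, so that differing sizes and timestamps between the reference and the host do not hide the one entry that matters, and so that only entries whose mode string actually carries the setuid bit are counted. The sample listings, the `/opt/example/report-tool` path and the function names are constructed for illustration.

```python
from typing import Dict, List, Tuple

# Constructed sample data (not taken from the exercise): the listing printed
# in the course material, and the listing captured on the target host.
REFERENCE = """\
-rwsr-xr-x 1 root root 67816 Jul 21  2020 /usr/bin/su
-rwsr-xr-x 1 root root 68208 May 28  2020 /usr/bin/passwd
-rwsr-xr-x 1 root root 166056 Jan 19  2021 /usr/bin/sudo
"""
OBSERVED = """\
-rwsr-xr-x 1 root root 67816 Feb  7  2022 /usr/bin/su
-rwsr-xr-x 1 root root 68208 Mar 14  2022 /usr/bin/passwd
-rwsr-xr-x 1 root root 166056 Apr  4  2023 /usr/bin/sudo
-rwSr--r-- 1 root root 14488 Aug  2 09:15 /opt/example/report-tool
-rwxr-xr-x 1 root root 43352 Sep  5  2019 /usr/bin/ls
"""


def parse_listing(text: str) -> Dict[str, str]:
    """Map path -> mode string for every setuid entry in `ls -l` style output."""
    entries = {}
    for line in text.splitlines():
        # Fields: mode links owner group size month day time-or-year path
        fields = line.split(None, 8)
        if len(fields) < 9 or len(fields[0]) < 10:
            continue  # blank line, error text, or a truncated paste
        mode, path = fields[0], fields[8].rstrip()
        # mode[3] is the owner-execute slot: 's' = setuid with execute,
        # 'S' = setuid without execute. Anything else is not setuid.
        if mode[3] in "sS":
            entries[path] = mode
    return entries


def compare(reference: str, observed: str) -> Tuple[List[str], List[str]]:
    """Return (paths only in observed, paths only in reference)."""
    ref, obs = parse_listing(reference), parse_listing(observed)
    return sorted(set(obs) - set(ref)), sorted(set(ref) - set(obs))


if __name__ == "__main__":
    extra, missing = compare(REFERENCE, OBSERVED)
    for path in extra:
        print("only on host:     ", path)
    for path in missing:
        print("only in reference:", path)
```

The same comparison works as a defensive check: keep a known-good listing per host and review any path that appears only in the current one.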