Ethical Hacking Academy · Lesson

SUID and Sudo Abuse

Misconfigurations.

The SUID Bit

The SUID permission bit makes a file run with the privileges of its owner rather than the user who launched it. When the owner is root, a SUID binary executes as root — useful for tools like passwd, but dangerous if abused.

-rwsr-xr-x  1 root root  /usr/bin/passwd
# the s in rws = SUID bit

Finding SUID Binaries

Enumerate every SUID file and compare against a known-safe baseline. Anything unusual — a text editor, an interpreter, a custom binary — is a candidate.

find / -perm -4000 -type f 2>/dev/null

All lessons in this course

Enumeration
SUID and Sudo Abuse
Cron Jobs and PATH
Kernel Exploits

← Back to Ethical Hacking Academy