Linux Privilege Escalation via Find Command
Overview
Check your SUID/SGID binaries, exploit them, and validate that your security platforms work as expected
This scenario focuses on the discovery and exploitation of SUID misconfigurations on Linux systems, specifically targeting the find binary 🐧. The objective is to achieve privilege escalation to root by abusing an improperly configured SUID find binary.
🎯 Scenario Objective
When the find binary is owned by root and has the SUID bit set, it can be abused to execute commands with root privileges. This scenario demonstrates how such a misconfiguration can lead to full system compromise ⚠️.
🧩 Scenario Workflow (5 Steps)
1. 🔍 SUID Enumeration: The scenario begins by identifying binaries with the SUID bit set across the system to locate potential privilege escalation vectors.
2. 🔎 SGID Enumeration: Next, binaries with the SGID bit set are enumerated to further assess privilege escalation opportunities.
3. 📖 Unauthorized File Read via SUID find: The SUID find binary is exploited to read a restricted file, such as the root user’s history file, which should normally be inaccessible.
4. ✍️ Unauthorized File Write: The scenario demonstrates how find can be abused to write files into protected directories, bypassing standard permission controls.
5. ⚡ Root Command Execution: Finally, the SUID find binary is leveraged to execute arbitrary commands with root privileges, resulting in full privilege escalation.
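The enumeration in the first two steps is exactly what a defender should run on a schedule. The following audit helper is an added example, not code from the scenario or its platform: it lists SUID/SGID files under a root directory, flags names such as find that must never carry those bits, and diffs the result against a saved baseline. It assumes GNU find (Linux); DANGEROUS_NAMES is a constructed, non-exhaustive list.

```shell
#!/bin/sh
# Added audit helper (not part of the original scenario).
# Assumes GNU find for -printf; DANGEROUS_NAMES is a constructed sample list.

# Binaries whose ordinary features (-exec, shell escapes, reading and
# writing arbitrary files) turn a SUID/SGID bit into root code execution.
DANGEROUS_NAMES="find vim vi nano less more awk perl python python3 bash sh env"

# list_suid_sgid ROOT
# Prints "octal-mode owner path" for every regular file with SUID or SGID set.
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u %p\n' 2>/dev/null | sort -k3
}

# flag_dangerous ROOT
# Prints an ALERT line for each SUID/SGID file whose basename is in DANGEROUS_NAMES.
flag_dangerous() {
    list_suid_sgid "$1" | while read -r mode owner path; do
        name=$(basename "$path")
        for bad in $DANGEROUS_NAMES; do
            if [ "$name" = "$bad" ]; then
                printf 'ALERT: %s (mode %s, owner %s)\n' "$path" "$mode" "$owner"
            fi
        done
    done
}

# count_dangerous ROOT
# Prints the number of ALERT lines; 0 means no flagged binary was found.
count_dangerous() {
    flag_dangerous "$1" | grep -c '^ALERT' || true
}

# new_since_baseline ROOT BASELINE
# BASELINE is an earlier list_suid_sgid output saved to a file; prints every
# current SUID/SGID entry that is not in it (a new bit set, or a changed owner/mode).
new_since_baseline() {
    list_suid_sgid "$1" | grep -vxF -f "$2" || true
}
```

Save `list_suid_sgid /` from a known-good image as the baseline and alert on any non-empty `new_since_baseline` output or non-zero `count_dangerous`.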
🛠️ Detection & Exploitation Technique
This scenario showcases a realistic Linux privilege escalation path by chaining enumeration and exploitation techniques commonly observed in real-world attacks. It highlights the risks associated with misconfigured SUID binaries and emphasizes the importance of proper permission management 🔐.
🎯 Use Cases
This scenario is ideal for:
🧪 Privilege escalation testing on Linux systems
🔐 Auditing SUID / SGID misconfigurations
🎓 Training and demonstration of local Linux exploitation techniques
🧠 Understanding post-exploitation attack paths