Bandit Level 19 | CodeMaxx.github.io

Bandit Level 19

OverTheWire logo

Level Goal:

To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used to setuid binary.

Commands you may need to solve this level

None

Helpful Reading Material

setuid on Wikipedia

Write-up

This is simple but interesting! This is an subtle example for how a single wrongly assigned permission can make your system vulnerable.

File Permission

I saw the owner of the bandit20-do is bandit20. The red highlight signifies that the file has elevated permissions and any commands executed through the runtime of the file will be run as bandit20.

I used this to get the password to next level.

Bad Permissions

Level 20 password: GbKksEFF4yrVs6il55v6gwY5aVje5f0j

Follow @CodeMaxx
Bandit Level 18
Akash Trehan

Akash Trehan

Hacker-Developer-Geek

comments powered by Disqus
rss facebook twitter github youtube mail spotify instagram linkedin google pinterest medium