Priv esc using /usr/bin/passwd

In theory if the suid bit is enable on anything, i should be able to use it as root for privesc right?

I have this........

-rwsr-xr-x 1 root root 59680 May 17 2017 /usr/bin/passwd

but on some boxes it doesnt allow me to do

sudo /usr/bin/passwd .

Why does this happen?

Comments

  • First of all, SUID bit has nothing to do with sudo command.
    You should learn both of them separately.

    Now for /usr/bin/passwd, it is SUID by default.
    You can always check on your kali box to see whatever are SUID by default using command: find / -perm -4000 -type f 2>/dev/null

    If you are ever in doubt, you may also check out gtfobins.github.io site.

  • I have another question for you sir/madam. Will it be possible for you to mentor me for may be about a month? I wish to reach elite hacker level like you in the next 30 days. Currently i am preparing for my oscp exam. Failed 3 times. Also i wont be needing you to be there 24/7, just assist me every now and then to get to elite hacker level. I will be happy to pay you to answer some of my queries and help me ocassionally. Can paypal you. Ill just calculate how much i can pay per month and get back to you in a few hours may be.

    Respects to you Sir/Madam,
    Hansraj Rai

  • edited June 22

    Just for your info, passwd is suid because it needs to alter files that are owned by root and are not group/other writeable... Of course if you found a flaw in passwd binary that could lead to root :bleep_bloop:

    you got to eat shit to know shit

  • I am actually in pwk lab as well right now. Started it this month
  • herrmm

    Hack The Box
    ~ Halpless Technoweenie ~

Sign In to comment.