SUID / SGID Executables - Known Exploits
Enumeration
We are going to exploit a vulnerable suid/sgid executable to escalate our privileges to root. Let’s find all the SUID/SGID executables on the machine.
As you can see, suid/sgid is set on exim-4.84-3. By searching on exploit-db, we found out that it’s vulnerable to local privilege escalation
Exploitation
We will copy the exploit and execute it on our target machine, which if successful will provide us with a root shell.
