I’m doing a CTF, and I used a SUID binary to get a shell for another account. I ran id and realized that I only had the UID for that account, & not access to their groups (makes sense given how SUID works).
How would you get access to a user’s groups if you already had their UID? I’m wondering if you could do it by backdooring ~/.bashrc or something.
I’m thinking that they may be in a docker group that’d let me PrivEsc to root.
I appreciate any sage wisdom from the power users out there.
from hacking: security in practice https://ift.tt/PlJsKG0