/usr/bin/viewuser
Earlier, I found an unusual binary with the SUID bit set:
djmardov@irked:/$ file /usr/bin/viewuser
/usr/bin/viewuser: setuid ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=69ba4bc75bf72037f1ec492bc4cde2550eeac4bb, not stripped
djmardov@irked:/$ ll /usr/bin/viewuser
8.0K -rwsr-xr-x 1 root root 7.2K May 16 2018 /usr/bin/viewuser
As can be seen, the binary is owned by root and has the SUID bit set.
djmardov@irked:/$ /usr/bin/viewuser
This application is being devleoped to set and test user permissions
It is still being actively developed
(unknown) :0 2023-01-24 15:18 (:0)
djmardov pts/0 2023-01-24 15:20 (10.10.14.10)
sh: 1: /tmp/listusers: not found
Upon executing the binary, it prints out the current user and an error message.
The error message is very suggestive.
The binary is expecting a file, /tmp/listusers, but is unable to locate it.
The sh: 1: prefix indicates that the binary hands this path to a shell for execution.
The /tmp directory is, by default, writable by anyone.
That being said, I sense a strong privilege escalation vector.
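The condition observed above, a SUID binary that references a helper file under a world-writable directory, can be checked for during a host audit. The script below is an added example, not part of the original write-up; the function names are hypothetical, the sample file is constructed, and it assumes a Linux `stat` that supports `-c`.

```shell
#!/bin/sh
# Added example: audit helper paths baked into a binary (hypothetical function names).

# Print each absolute path string embedded in file $1, one per line.
embedded_paths() {
    LC_ALL=C tr -c 'A-Za-z0-9_./-' '\n' < "$1" |
        grep -oE '/[A-Za-z0-9_.-]+(/[A-Za-z0-9_.-]+)+' | sort -u
}

# Succeed if $1 is a directory with the "other write" permission bit set.
world_writable_dir() {
    [ -d "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        *[2367]) return 0 ;;   # last octal digit includes the write bit
    esac
    return 1
}

# For binary $1, print "<path> <present|missing>" for every embedded path
# whose parent directory is world-writable.
risky_paths() {
    embedded_paths "$1" | while IFS= read -r p; do
        world_writable_dir "$(dirname "$p")" || continue
        if [ -e "$p" ]; then state=present; else state=missing; fi
        printf '%s %s\n' "$p" "$state"
    done
}

# Run risky_paths over every SUID file under directory $1 (default /usr/bin).
audit_suid() {
    find "${1:-/usr/bin}" -xdev -type f -perm -4000 2>/dev/null |
    while IFS= read -r bin; do
        risky_paths "$bin" | while IFS= read -r hit; do
            printf '%s: %s\n' "$bin" "$hit"
        done
    done
}

# Constructed sample: a fake "binary" holding one path in a mode-777
# directory and one in a mode-755 directory, separated by NUL bytes.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/open" "$d/closed" && chmod 777 "$d/open" && chmod 755 "$d/closed"
    printf 'ELF\0%s\0%s\0' "$d/open/listusers" "$d/closed/helper" > "$d/sample.bin"
    risky_paths "$d/sample.bin"
    rm -rf "$d"
}

demo
```

Running `audit_suid /usr/bin` on a host reports each SUID binary together with any embedded path that sits in a world-writable directory. Such helpers belong in a root-owned directory instead.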