Previous Level: Level 19
ssh email@example.com -p 2220
To gain access to the next level, you should use the setuid binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place (/etc/bandit_pass), after you have used the setuid binary.
A little bit of Theory
Linux permissions is a very big topic. Each file has an owner and a group that owns the file. For the user, the group and the rest of the users the permissions can be set separately. It can be chosen if the file is readable, writable or executable. The permissions and owners of a file can be seen using the
ls -l command. The third column shows the user, the fourth the group and the first column shows the permissions. The permissions are written the following
rwxrwxrwx, the first three letters indicate the user has all permissions (read=r, write=w and execute=x). The next three letters indicate the permission of the group and the last of everyone else. If one of the letters is replaced with
-, this means the permission is not granted.
Suid is a special permission. It will replace the
x of the user permission. It means the binary will be run as the owner of the binary, not the one executing it. To give a binary suid permissions the following command needs to be used:
chmod u+s <filename>.
First, we check who the owner of the setuid binary is:
In this case, the owner is badit20 and the group is bandit19, this with ‘-rwsr-x—’ means the user bandit19 can execute the binary, but the binary is executed as user bandit20.
Executing the binary says it simply executes another command as another user (as already explained, this user is bandit20). This means we can access the bandit20 users password file, which can only be read by the user bandit20.
Next Level: Level 21