L-SUID-ABUSEPrivilege Escalation

SUID Binary Abuse

Find an unintended SUID binary (find / nmap / vim / less / awk) — exploit per GTFOBins for root.

§ Where this technique fits

L-SUID-ABUSE is catalogued under the Privilege Escalation tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

SUID binary → root via GTFOBins
Find an unusual SUID binary (find / nmap / vim / awk / less), check GTFOBins for the privilege-escalation primitive, spawn a root shell.
step 3 / 5

§ What commonly comes next

01
Command and Scripting Interpreter
T1059 · Execution
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

SUID binary → root via GTFOBins

§ What commonly comes next