Linux Privilege Escalation: Exploiting SUID Binaries

TL;DR: Understand SUID permission bits on Linux systems, learn how to enumerate misconfigured binaries, and abuse them to spawn root shells.

Set User ID (SUID) Fundamentals

In Unix-like systems, SUID (Set Owner User ID upon execution) is a special file permission bit. When it is set on an executable, the program runs with the permissions of the file owner, rather than those of the user running it.

1. Enumerating SUID Binaries

To identify all files with the SUID permission bit set that are owned by the root user, run the following find command:

find / -perm -4000 -type f 2>/dev/null
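  • /: Search from the root directory.
  • -perm -4000: Match files with the SUID bit set, whatever their owner; add -user root to restrict the results to root-owned files.
  • -type f: Match regular files only.
  • 2>/dev/null: Discard error messages (such as permission denied) by redirecting stderr to /dev/null.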

2. Abuse Vectors & GTFOBins

If standard utilities such as find, vim, nano, or cp have the SUID bit set, they can be abused to read sensitive files or spawn shells. GTFOBins is a curated list of such binaries.

# Example: If "find" is SUID, execute to get root shell:
find . -exec /bin/sh -p \; -quit
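
From the defender's side, the same enumeration can drive an audit that flags SUID utilities like the ones named above. The script below is an added example, not part of the original write-up; the function name audit_suid and the EXPECTED baseline are assumptions to adjust per system.

```shell
#!/bin/sh
# Added example (not from the original write-up): audit SUID files under a
# directory and classify each one.
# RISKY: utilities the write-up names as abusable when SUID.
RISKY="find vim nano cp"
# EXPECTED: assumed baseline of binaries that normally ship SUID root;
# adjust to match your distribution.
EXPECTED="passwd su sudo mount umount"

# audit_suid DIR [OWNER]  (hypothetical helper name; OWNER defaults to root)
# Prints one line per SUID file owned by OWNER:
#   FLAG   <path>  name is in RISKY: remove the bit (chmod u-s <path>)
#   OK     <path>  name is in EXPECTED
#   REVIEW <path>  anything else: confirm it needs SUID
audit_suid() {
    dir=$1
    owner=${2:-root}
    find "$dir" -type f -perm -4000 -user "$owner" 2>/dev/null |
    while IFS= read -r path; do
        name=${path##*/}
        case " $RISKY " in
            *" $name "*) verdict=FLAG ;;
            *) case " $EXPECTED " in
                   *" $name "*) verdict=OK ;;
                   *) verdict=REVIEW ;;
               esac ;;
        esac
        printf '%s %s\n' "$verdict" "$path"
    done
}

# Run as: sh audit_suid.sh /        (scans the whole filesystem)
if [ "$#" -gt 0 ]; then
    audit_suid "$@"
fi
```

Matching is by file name only, so an OK or REVIEW verdict still warrants checking the path and which package owns the file.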

Knowledge Verification Checkpoint

Answer this question to verify your understanding of this write-up.

Question: Which find command flags are used to scan for root-owned SUID binaries?
