Permissions Group
Owner
Group
All Users
Permissions Type
Read
Write
Execute
chmod
User -> u
Group -> g
Others -> o
All Users -> a
Minus(-) & Plus (+)
Read -> r
Write -> w
Execute -> x
Example 1: chmod a+rwx <file_name>
Example 2: chmod a-wx <file_name>
chmod : binary Reference
r -> 4
w -> 2
x -> 1
Read Write Execute -> 7
Read Write -> 6
Read Execute -> 5
--- -> Users,Groups,Others
Example 1: chmod 777 <file_name>
Example 2: chmod 755 <file_name>
Owner and Groups
chown owner:group <file_name>
Example : chown root:family <file_name>
List Command
level00@nebula:~$ ls -al
total 5
drwxr-x--- 1 level00 level00 60 2020-05-09 00:36 .
drwxr-xr-x 1 root root 80 2012-08-27 07:18 ..
-rw-r--r-- 1 level00 level00 220 2011-05-18 02:54 .bash_logout
-rw-r--r-- 1 level00 level00 3353 2011-05-18 02:54 .bashrc
drwx------ 2 level00 level00 60 2020-05-09 00:36 .cache
-rw-r--r-- 1 level00 level00 675 2011-05-18 02:54 .profile
Special Permissions
The setuid/setguid permissions are used to tell the system to run an executable as the owner with the owner’s permissions.
chmod u+s <file_name>
Find Command [ Man Page ] Finding a file / directory
find . -name lol.txt -> current dir
find / -name lol.txt -> specific dir
find / -iname lol.txt -> file name case-insesitive
find / -type f -iname lol.txt -> type specific
find / -type f -name "*.php" -> extension specific
find / -type d -iname Pwn -> only directory
Finding with Permission
find / -type f -perm 0777 -print -> files which have 0777 permission
find / -type f ! -perm 0777 -print -> files which don't have 0777 permission
find / -perm -2644 -> find sgid files with 644 permission
find / -perm -1655 -> find sticky bits with 655 permission
find / -perm -4000 -> find setuid files only
find / -perm /u=s -> find setuid files
find / -perm /g=s -> find setgid files
find / -perm /a=x -> find executable files
Find files/directories and do something
find / -type -f -perm 0777 -print -exec chmod 0755 {} \;
find / -type -d -perm 777 -print -exec chmod 755 {} \;
Useful Arguments
-empty -> empty files
-name ".*" -> hidden files
-user root -> user specific
-group root -> group specific
-mtime 30 -> modified in 30 days
-atime 30 -> accessed in 30 days
-mtime +50 -mtime -60 -> modified between 50 days and 60 days
-cmin -60 -> changed file in one hour
-amin -60 -> accessed file in one hour
-mmin -60 -> modified file in one hour
-size 50M -> 50M files
-size 50+ -size -100 -> file sized between 50 and 100 M
Printing with Standard Output
find / -perm 0222 -type f -name "lol.txt" -print 2>/dev/null
Nebula Level 00 Description
This level requires you to **find** a Set User ID program that will run as the “flag00” account. You could also find this by carefully looking in top level directories in / for suspicious looking directories.
Answers
level00@nebula:~$ find / -user flag00 -perm /u=s -print 2>/dev/null
/bin/.../flag00
/rofs/bin/.../flag00
level00@nebula:~$ find / -user flag00 -perm -4000 -print 2>/dev/null
/bin/.../flag00
/rofs/bin/.../flag00
References