Bandit level 19 will teach you about setuid and setgid flags, and how to search for them in a system using find command.
In general, setuid and setgid allows the user to execute a program at a higher privileges temporarily, due to not having enough permissions to run that file as the user itself.
For more information about it, you can check the wikipedia article.
Let’s start by logging into bandit level 19 machine
ssh firstname.lastname@example.org -p 2220
and with the password we got from the previous level
In order to know which file has setuid flag is set, you need to know that the permissions will be something at least 4000 where “4” is the setuid flag.
so let’s construct our find command to find that file
find / -perm -4000 2>/dev/null
and you should get the following files as a result
/home/bandit19/bandit20-do /home/bandit20/suconnect /home/bandit32/uppershell /home/bandit26/bandit27-do
and obviously, we need to check bandit20-do file, let’s let’s try to execute it and you would get
Run a command as another user. Example: ./bandit20-do id
so, it allows us to run a command as another user, which means we can access the password for bandit20 user if we go to cat /etc/bandit_pass/bandit20, so let’s try that
./bandit20-do cat /etc/bandit_pass/bandit20
and voila!, we get the password for the next level