Bandit level 19 teaches you about the setuid and setgid flags, and how to search a system for files that have them set using the find command.
In general, setuid and setgid let a user temporarily execute a program with higher privileges (those of the file's owner or group) when the user does not have enough permissions to do the task as themselves.
For more information, you can check the Wikipedia article.
Let’s start by logging into the Bandit level 19 machine:
ssh bandit19@bandit.labs.overthewire.org -p 2220
using the password we got from the previous level:
IueksS7Ubh8G3DCwVzrTd8rAVOwq3M5x
To find out which files have the setuid flag set, you need to know that their permissions will be at least 4000, where the leading “4” is the setuid flag.
So let’s construct our find command to find that file:
find / -perm -4000 2>/dev/null
You should get the following files as a result:
/home/bandit19/bandit20-do
/home/bandit20/suconnect
/home/bandit32/uppershell
/home/bandit26/bandit27-do
Obviously, we need to check the bandit20-do file. Let’s try to execute it, and you will get:
Run a command as another user.
Example: ./bandit20-do id
So it allows us to run a command as another user, which means we can read the password for the bandit20 user with cat /etc/bandit_pass/bandit20. Let’s try that:
./bandit20-do cat /etc/bandit_pass/bandit20
And voilà, we get the password for the next level:
GbKksEFF4yrVs6il55v6gwY5aVje5f0j
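The same find test can be used from the administrator's side to notice setuid or setgid files that were not there before. The script below is an added example, not part of the original walkthrough; the function names, file names and baseline file are made up for the demo, which runs in a temporary directory.

```shell
#!/bin/sh
# Added example: audit setuid/setgid files against a recorded baseline.

# List regular files under $1 that carry the setuid (4000) or setgid (2000) bit.
# "-perm -4000" matches when at least that bit is set, so 4755 and 4750 both
# match; "-perm 4000" without the dash would match only mode 4000 exactly.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        LC_ALL=C sort
}

# Print files that are setuid/setgid now but missing from baseline file $2.
new_setid() {
    list_setid "$1" | LC_ALL=C comm -13 "$2" -
}

# Constructed demo in a temporary directory (file names are made up).
demo() {
    d=$(mktemp -d) || return 1
    for f in plain helper added-later; do
        printf '#!/bin/sh\n' > "$d/$f"
    done
    chmod 0755 "$d/plain"                 # no special bits: never listed
    chmod 4750 "$d/helper"                # setuid, recorded in the baseline
    list_setid "$d" > "$d/baseline.txt"
    chmod 4755 "$d/added-later"           # setuid bit that appears afterwards
    new_setid "$d" "$d/baseline.txt"      # prints only .../added-later
    rm -rf "$d"
}

demo
```

On a real host the baseline would be recorded once from a known-good state and kept outside the scanned tree.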