Overview
SUID (Set User ID) binaries run as the file owner. If owner is root → code runs as root regardless of who executes it. SGID (Set Group ID) runs with the file’s group permissions.Find SUID Binaries
Find SGID Binaries
Both
GTFOBins
Check every SUID binary against GTFOBins:Common SUID Exploits
bash
-p preserves effective UID (root).
find
cp
Copy/etc/shadow or overwrite /etc/passwd:
vim / vi
python
perl
nmap (Old Versions)
env
less / more
nano
Custom SUID Binary
If you find unknown SUID binary, analyze it:Check What It Does
Shared Library Injection
Check for missing libraries:PATH Hijacking on SUID Binary
If SUID binary calls a command without full path (e.g.,system("cat /etc/shadow")):