# Setuid and Setgid Setuid is a Unix file flag that allows an executable to be run with the permissions of the file owner. It is often used to allow a user to perform tasks that would otherwise require privileged access. Setgid is the same concept but instead applies to groups rather than users. Let's take a look at the following example: ```bash -rwsr-sr-x 1 root root 122 May 14 22:25 thefile ``` setuid is indicated by the first s whereas setgid is indicated by the second s. ### Setting Permissions ```bash # Change the setsuid flag: chmod u+s $file # Change the setgid bit: chmod g+s $file # Change both the setuid and setgid bit: chmod +s $file ``` ### Locating SUID/SGID Binaries ```bash # Locate suid and sgid-enabled files for the current user find / -perm -u=s -type f 2>/dev/null ``` ### Escalating Privileges Escalating privileges with these bits greatly depends on the binary that we haev in our posession. One of my favorite ways to search for what an binary can do is by referencing GTFOBins: {% embed url="" %} ### References {% embed url="" %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ttp.parzival.sh/pentesting/infrastructure/privilege_escalation/linux/setuid-and-setgid.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.